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Copyright and Trademarks 

© 1995 Livingston Enterprises, Inc. All rights reserved. 

The product names, "ComOS," "IRX," "PortMaster," "PMconsole," and "TelePath" are trademarks belonging to 
Livingston Enterprises, Inc. 

All other product brand names mentioned in this manual are trademarks or registered trademarks of their 
respective manufacturers. 

Disclaimer 

Livingston Enterprises, Inc. makes no express or implied representations or warranties with respect to the contents 
or use of this manual, and specifically disclaims any implied warranties of merchantability or fitness for a 
particular purpose. Livingston Enterprises, Inc. further reserves the right to revise this manual and to make 
changes to its content at any time, without obligation to notify any person or entity of such revisions or changes. 

FCC Class A Notice - United States 

Computing devices and peripherals manufactured by Livingston Enterprises, Inc. generate, use, and can radiate 
radio frequency energy, and if not installed and used in accordance with the instructions contained in this manual, 
may cause interference to radio communications. Such equipment has been tested and found to comply with the 
limits for a Class A computing device pursuant to Subpart J of Part 15 of the FCC Rules, which are designed to 
provide reasonable protection against radio interference when operated in a commercial environment. Operation 
of this equipment in a residential area is likely to cause interference, in which case the user — at his own expense 
— will be required to take whatever measures may be required to correct the interference. 

Some components may not have been manufactured by Livingston Enterprises, Inc. If not, Livingston Enterprises 
has been advised by the manufacturer that the component has been tested and complies with the Class A 
computing device limits as described above. 









End User Product Agreement 

This End User Product Agreement (the "Agreement") is a legal agreement between yourself, the individual or 
enterprise (the Customer") which has acquired the hardware and software internetworking products contained 
in this packaging (the "Products"), and Livingston Enterprises, Inc., a California corporation ("Livingston"). You 
are requested to please carefully read the following terms and conditions. By using the enclosed Products, you 
accept this Agreement, and further agree to be bound by the terms and conditions contained herein. If you are not 
willing to be bound by the terms and conditions of this Agreement, then you must promptly return the Products 
to where you obtained them, or to Livingston, whereupon you will be provided with a full refund of your money, 
provided that there has been no damage to the Products which has been incurred due to your negligent use or 
handling thereof. 

1. License Grant. Livingston grants to Customer the non-exclusive, non-transferable right and license to use the 
applicable Livingston proprietary software, whether enclosed herein in whatever form or media, or acquired 
electronically, as follows: (i) Customer shall have the right to use one (1) copy of the Livingston operating system 
("ComOS") software on each hardware product acquired hereunder, and (ii) Customer shall have the right to 
reproduce, copy, use and distribute, in machine-readable (object code) form only, the Livingston software which is 
provided to Customer for administration, host device emulation and client remote access, provided however, that 
the use of such software must be made solely in conjunction with Livingston manufactured hardware products. 

2. License Restrictions. Customer agrees that it will not attempt to reverse engineer, decompile or disassemble 
any Livingston software provided hereunder. Customer further agrees that it will not sublicense, rent, lease or 
assign any Livingston software provided hereunder, except that Customer may assign the software with the 
Products to a third party by operation of law, provided that the assignee is bound to the terms and conditions 
contained in this Agreement as a condition of assignment. 

3. Ownership and Copyright. The Products provided to Customer hereunder are proprietary to Livingston and 
the software is protected by copyright, under the United States copyright laws and certain international treaties. 
Customer acknowledges and agrees that, while it shall acquire title to the hardware, it is acquiring only the right 
to use the software as provided for hereunder, and that all ownership and intellectual property rights not herein 
specifically granted to Customer are expressly reserved by Livingston. 

4. Limited Warranty. Livingston warrants to the benefit of Customer only, for a term of one (1) year from the date 
of delivery of the Products to Customer, that under normal use and service: (i) the hardware and the software 
media shall be free from any defects in materials and workmanship, and (ii) the software will substantially 
conform to the functional specifications which are set forth in the applicable Product User's Manual. 

5. Livingston Obligations; Customer Remedies. Livingston's sole obligation and liability under this limited 
warranty shall be to repair or replace any defective hardware or software media component and to remedy any 
substantial non-conformance of the software to the functional specifications set forth in its applicable User's 
Manual. If Livingston is unable to satisfy the foregoing limited warranty obligations during the warranty term, 
then Livingston shall, upon Customer's request for termination of the Agreement and return of the Products, 
refund to Customer all sums paid to Livingston for the purchase and licensing of the Products hereunder. THE 
FOREGOING REMEDIES ARE THE SOLE AND EXCLUSIVE REMEDIES AVAILABLE TO CUSTOMER FOR THE 
BREACH OF THE LIMITED WARRANTY SET FORTH IN THIS SECTION 5. 







6 Disclaimer of Implied Warranties. EXCEPT FOR THE EXPRESS LIMITED WARRANTY SET FORTH IN 
SECTION 5 ABOVE, LIVINGSTON MAKES NO OTHER EXPRESS WARRANTIES. TO THE EXTENT 
AUTHORIZED BY APPLICABLE LAW, LIVINGSTON SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, 
WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE IMPLIED 
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
NON-INFRINGEMENT. 

7. Limitation of Liability. Livingston's cumulative liability to Customer, or any third party, for loss or damages 
resulting from any claim, demand or action arising out of or relating to this Agreement or the use of Livingston 
Products, shall not exceed the amount paid to Livingston for the purchase and licensing of the Products. IN NO 
EVENT SHALL LIVINGSTON BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL 
OR EXEMPLARY DAMAGES OR LOST PROFITS, EVEN IF LIVINGSTON HAS BEEN ADVISED OF THE 
POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR 
EXCLUSION OF LIABILITY FOR SUCH DAMAGES, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. 

8. U.S. Government Restricted Rights. If the Products are acquired by or on behalf of a unit or agency of the 
United States Government, by GSA or otherwise, then the Products are provided with RESTRICTED RIGHTS. 
Use, duplication or disclosure by the Government is subject to restrictions set forth in subparagraph (c)(l)(ii) of 
the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013, or in subparagraphs (c)(1) and 
(2) of the Commercial Computer Software-Restricted Rights, at 48 CFR 52.227-19, as applicable. Manufacturer is 
Livingston Enterprises, Inc., 6920 Koll Center Parkway, Pleasanton, California 94566, (510) 426-0770. 

9. Export Law Assurances. Customer agrees and certifies that the Products will not be shipped, transferred or re¬ 
exported, directly or indirectly, into any country prohibited by the United States Export Administration Act and 
the regulations promulgated thereunder, and that use of the Products will not be prohibited by such laws. 

10. Term. This Agreement shall be effective upon the Customer's opening of the Product packaging and shall 
continue until terminated. Customer may terminate at any time by discontinuing use of the Products. Livingston 
may terminate this Agreement upon a material breach by Customer that remains uncured for a period of thirty 
(30) days after notice to Customer by Livingston specifying such material breach. 

11. Integration; Governing Law. This Agreement represents the entire Agreement between the parties hereto and 
supersedes any prior or contemporaneous proposal, representation or understanding. The Agreement shall be 
construed and enforced in accordance with the laws of the State of California, USA. If the Products are distributed 
outside of the USA, then the United Nations Convention on Contracts for the International Sale of Goods is 
expressly disclaimed, and shall not apply to the performance or interpretation of this Agreement. 
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Preface 


About This Guide 

This guide provides general information about networking and network configuration 
as well as specific information needed to configure PortMaster™ products. This guide 
should be reviewed thoroughly before you configure your PortMaster. The 
Configuration Guide provides all of the settings required for the most commonly used 
PortMaster configurations. 

This guide is designed to be used by qualified system administrators and network 
managers. Knowledge of basic networking concepts is required to successfully install 
the PortMaster. 

Preview of this Guide 

This guide is designed to provide you with the information needed to configure the 
PortMaster. However, specific information about using the PMconsole™ user interface 
can be found in the Administrator's Guide for your interface. See "Related 
Documentation" for more information about Livingston documentation. The 
Configuration Guide for PortMaster Products includes the following chapters: 

Chapter 1, "Introduction to PortMaster Products" describes each of the Portmaster 
products and how you can use them to accomplish your network goals. 

Chapter 2 , "Networking Concepts" describes the networking concepts you need to 
understand in order to make decisions about how to configure the PortMaster. 

Chapter 3, "How PortMasters Work" briefly describes the operation of a PortMaster 
and the different kinds of uses for asynchronous ports. 

Chapter 4, "Configuring a PortMaster" reviews each of the steps required to configure 
a PortMaster. This chapter also includes a detailed description of each of the global 
configuration parameters and how to set static routes. 

Chapter 5, "Configuring the Ethernet Interface" describes each of the Ethernet port 
configuration parameters and its options. 


About This Guide 
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Chapter 6 , "Configuring an Asynchronous Port" describes each of the asynchronous 
port configuration parameters and its options. This chapter also describes how to 
configure modems. 

Chapter 7, "Configuring a Synchronous WAN Port" describes each of the 
synchronous port configuration parameters and its options. 

Chapter 8, "Configuring Dial-In Users" describes how to configure dial-in users by 
managing the Users Table. 

Chapter 9, "Configuring Dial-Out Locations" describes each of the parameters used to 
set dial-out locations using the Location Table. 

Chapter 10, "Configuring Filters" describes all of the parameters and options used to 
set input and output packet filters. 

Chapter 11, "Connecting a Branch Office to the Main Office" describes the specific 
configuration options used to configure your PortMaster for a connection to another 
office. This chapter also describes how to setup multi-line load-balancing, which 
provides additional network bandwidth on-demand. 

Chapter 12, "Connecting Your Office to the Internet" describes how to configure the 
PortMaster for a continuous connection to an Internet Service Provider (ISP). 

Chapter 13, "Configuring User Dial-In Access" describes how to configure the 
PortMaster to allow login users to access available hosts. This application is useful for 
telecommuters, universities, and Internet Service Providers (ISP). 

Chapter 14, "Configuring the PortMaster to Access Shared Devices" describes how to 
configure PortMasters to allow access to shared devices such as modems, printers, and 
other RS-232 devices. 

Chapter 15, "Synchronous Leased Line Connections" describes how to configure a 
PortMaster synchronous port for a leased line connection. 

Chapter 16, "Synchronous Frame Relay Connections" describes how to configure a 
PortMaster synchronous port for a Frame Relay connection. 

Chapter 17, "Synchronous V.25bis Dial-Up Connections" describes how to configure 
a PortMaster synchronous port for V.25bis dialing using a switched 56K or an ISDN 
terminal adapter. 
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Chapter 18, "ISDN Connections" describes how to configure ISDN on PortMaster 
products. 

Chapter 19, "Troubleshooting the PortMaster Configuration" provides information 
about analyzing and solving network problems. 

Chapter 20, "Command Line Summary" provides a quick reference guide to the 
syntax of all of the PortMaster commands. 

A glossary, list of references, and index are also included. 

Related Documentation 

The PortMaster Hardware Installation Guide gives instructions for installing the 
PortMaster hardware on your network. Read the Hardware Installation Guide that came 
with your system before you attempt to configure your communications server or 
router. 

The PMconsole user interface can be used to perform the actual configuration tasks. 
PMconsole comes in several versions including: PMconsole for Windows and 
PMconsole for X Windows. Use the Administrator’s Guide that is appropriate for your 
chosen interface. 

The PortMaster can also be configured using the Command Line Interface, either by 
attaching a console terminal or PC to the service port or connecting to the port using 
telnet. A quick reference guide for the command syntax is given in Chapter 20. 

Document Conventions 


The following table describes the type changes and symbols used in this guide. 


Typeface or 
Symbol 

Meaning 

Example 

AaBbCcl23 

The names of commands. 

Use version to display the 


parameters, and 
directories; on-screen 
computer output. 

version number. 

AaBbCcl23 

What you type, contrasted 

login: Iroot 


with on-screen computer 
output. 

Password: 


Related Documentation 
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Typeface or 
Symbol 

Meaning 

Example 

AaBbCcl23 

Command-line 

To set baud rate, type: 


placeholder: replace with a 
real name or value. 

set sO speed baud_rate 

[AaBbCcl23] 

Commands in brackets 
denote a key to press. 

login: Iroot [Return] 


Contacting Livingston Technical Support 

Every Livingston product comes with free lifetime software technical support and a 
one year hardware warranty. 

Livingston Enterprises provides free technical support via voice, FAX, and electronic 
mail. Technical support is available Monday through Friday 6am-5pm Pacific Time 
(GMT-8). 

To contact Livingston technical support: 

• By voice, dial 1 800 458 9966 within the US or +1 510 426 0770 outside the US 

• By FAX, dial +1 510 426 8951 

• By electronic mail, send mail to support@livingston. com 

• Through the World Wide Web at the URL http: / /www. livingston. com/ 

• Upgrades and new releases are available by anonymous FTP at 
ftp://ftp.livingston.com/pub/livingston/ 

Note - An Internet mailing list for PortMaster users is available. 

To subscribe to the mailing list, send electronic mail to 
portmaster-users-request@livingston.com 
and in the body of the message, include the line: 
subscribe 

To subscribe to a daily digest instead, send electronic mail to 
portmaster-users-digest-request@livingston.com 
and in the body of the message include the line: 
subscribe 
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This chapter describes the PortMaster family of products and includes the following 
information: 

• An overview of the various PortMaster products 

• A detailed description of the PortMaster hardware 

• An overview of how PortMaster routers and communication servers are used 

• An overview of how to install and configure PortMasters 

• Sample applications for PortMaster communication servers 


PortMaster Products 

PortMaster products offer advanced technology solutions for internetwork 
connectivity. Livingston products are designed to provide connectivity for sites 
requiring high speed dedicated links and for sites needing cost-effective dial up 
connections to other offices or the Internet. 

PortMaster products support three types of service: 

• Routing services that support both Internet Protocol (IP) and Novell Internet 
Packet Exchange (IPX) routing. The dial on-demand feature allows the use of dial¬ 
up telephone lines when there is data to send between networks. 

• Terminal services that connect asynchronous devices and terminal emulation 
software for telnet and rlogin connections to host computers. Terminal services 
also allow a user to access a server port as if it were a UNIX tty device for use with 
any standard serial device. 

• Telecommuting services that connect devices over telephone lines using Serial Line 
Internet Protocol (SLIP) or Point-to-Point Protocol (PPP). Security is accomplished 
using password protection, user authentication, packet filtering, and the Remote 
Authentication Dial In User Service (RADIUS) protocol. 

Figure 1-1 shows how PortMaster products can be used to provide the network 
connectivity and services described in this section. 
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Figure 1-1 PortMaster Product Applications 
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Introduction to PortMaster Products 


Livingston offers the PortMaster products shown in Table 1-1; each product was 
developed for a specific application. 


Table 1-1 PortMaster Products 


Product 


Features 


PortMaster 

Communications 

Servers 


Applications 


IRX Routers 


Fire Wall IRX 
Router 


Communications server with: 

• 10, 20, 25, or 30 asynchronous 115.2kbps serial 
ports 

• 0, 5, or 10 ISDN BRI ports 

• Security features including: dial-back, password, 
packet filtering, PPP authentication protocols 
(PAP and CHAP), and RADIUS support 

• Dial on-demand, continuous, scheduled, 
dynamic routing (RIP), and SAP support 

• Optional synchronous routing port over DDS, Tl, 
El, Frame Relay, ISDN, or leased lines 

• Support for TCP, IP, IPX, SPX, SAP, RIP, SLIP, 
CSLIP, ICMP, UDP, ARP, telnet, rlogin, and PPP 
protocols 

• TCP/IP host device emulation for connection to 
shared devices (on supported hosts) 

1 to 4 port multiprotocol router for interfacing to 
other wide-area routers. Supports networking 
speeds up to Tl for TCP/IP and NetWare networks. 
Supports synchronous, asynchronous. Frame Relay, 
and PPP connections. 

Enables secure Internet access without allowing 
access to internal networks and data. Provides a 
firewall using: 

• Tl/El synchronous port for PPP or Frame Relay 

• Asynchronous port for dial-up networking 

• 2 local Ethernet ports 

• Enhanced filtering 

• Packet logging 

• Network isolation 


Terminal services, 
telecommuting, and 
router for enterprise¬ 
wide connections 


High speed routing 
between remote sites 


High speed routing to 
gateway servers and 
the Internet 


PortMaster Products 
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Table 1-1 PortMaster Products (Continued) 


Product 

Features 

Applications 

Office Router 

Small dial-up router for connecting to other offices 

On-demand routing to 


or the Internet. Provides: 

other offices or cost- 


• 1 Ethernet port for local connection 

effective Internet 


• 1 asynchronous port for administration or dial¬ 
up connections 

• Multiprotocol, filtering, routing support 

• One of the following: 

connection 


• 1 PCMCIA port for dial connections 

• 1 ISDN BRI port 


PMconsole 

Multiplatform graphical user interface for 

Configuring 


configuring PortMaster products. 

PortMasters 

RADIUS 

Remote Authentication Dial In User Service, which 

Network and data 


is an extensible security system that allows 
authentication and authorization of network users. 

security 

TelePath 

Client software that provides a PPP serial interface 

Allows remote 


for remote access to Novell NetWare and TCP/IP 
networks. 

network access 

PortMaster Ports 



PortMasters have configurable Ethernet, asynchronous, synchronous, ISDN BRI, and 
parallel ports. Table 1-2 shows each of the configurable ports by model. 


Table 1-2 Available Port Types by PortMaster Model 



Ports 


Product 

Ethernet Async Sync (Tl) 

Sync (64K) Parallel 

OR-M 

etherO sO-sl 


OR-U 1 

etherO sO sl-s2 

PM-2 

etherO s0-s9 

pO 

PM-2E-10 

etherO s0-s9 

P 0 

PM-2E-20 2 

etherO s0-sl9 

pO 

PM-2E-30 2,3 

etherO s0-s29 

pO 
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Table 1-2 Available Port Types by PortMaster Model (Continued) 


Product 



Ports 


Ethernet 

Async 

Sync (Tl) 

Sync (64K) Parallel 

PM-2R 

etherO 

s0-s9 

wl 


PM-2ER-10 

etherO 

s0-s9 

wl 


PM-2ER-20 2 

etherO 

s0-sl9 

wl 


PM-2ER-30 2 ' 3 

etherO 

s0-s29 

wl 


PM-25 

etherO 

s0-s24 



IRX-111 

etherO 

sO 

si 


IRX-112 

etherO 

sO 

si 

s2 

IRX-114 

etherO 

sO 

si, s3 

s2, s4 

IRX-211 

etherO-1 

sO 

si 



1. ISDN BRI port. 

2. Ports sl0-sl9 may be replaced by 5 ISDN BRI ports if a MOD-IOI-U board is installed. 

3. Ports s20-s29 may be replaced by 5 ISDN BRI ports if a MOD-IOI-U board is installed. 


PortMaster Communications Servers 

The PortMaster Communications Servers include the following models: 

• PM-2 

• PM-2E 

• PM-2R 

• PM-2ER 

• PM-25 

PortMaster Communications Servers are versatile network access devices for 
Novell/IPX, TCP/IP, and mixed network environments. These products provide secure 
remote access for telecommuters and portable computer users, while reducing costs by 
managing a pool of modems used for remote access dial in and network user dial out. 
Some models provide synchronous ports for high-speed connections and parallel ports 
for additional devices. 

All of the communications servers have some combination of Ethernet, asynchronous, 
synchronous, and parallel ports. Figure 1-2 shows an example of a generic PM-2. 


PortMaster Communications Servers 
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Figure 1-2 PortMaster PM-2 

PortMaster IRX Internetwork Routers 

PortMaster IRX multiprotocol internetwork routers provide wide area 
interconnectivity between Novell/IPX, TCP/IP, and mixed network environments. 
Interconnectivity is provided over long distances using WAN links such as digital 
leased lines (64K to Tl/El), ISDN, switched 56K, or Frame Relay lines. 

PortMaster routers have one or more Ethernet ports, one asynchronous port for dial-up 
routing or as a console, and one or more synchronous ports for high-speed routing. 
The IRX routers (Figure 1-3) are designed to perform routing functions and not 
communications server functions. 



Figure 1-3 PortMaster IRX Router 


FireWall IRX-211 Router 

The FireWall IRX-211 router provides local networks with secure connectivity to 
remote networks, including the world-wide Internet. The FireWall IRX-211 provides 
security by allowing internetwork accessible hosts, such as ftp servers, to be segmented 
from the private network. This product also implements independent packet filtering 
and packet logging for each network segment. Packet filtering allows you to permit or 
deny the passage of packets to limit inbound packets while allowing local users 
outbound access to remote networks and Internet services. 
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PortMaster Office Router 

The PortMaster Office Router provides a cost-effective way to connect a small office to 
a larger corporate office or to the Internet. The dial on-demand feature of the router 
allows local area networks to be economically and seamlessly connected using 
modems and standard telephone lines when data is ready to be transmitted. 

The PortMaster Office Router, shown in Figure 1-4, consists of an Ethernet port, a 
console port that can also be used for an external modem and one of the following: 

• PCMCIA modem port 

• ISDN BRI port 



Figure 1-4 PortMaster Office Router 

PortMaster Software Description 

All PortMasters come standard with the PortMaster software, which includes: 

• ComOS™—The communication software operating system already loaded in the 
FLASH RAM of each PortMaster. 

• PMconsole—The optional user interface software for configuring the PortMaster. 
The PortMaster can also be configured through the console or a telnet session 
without using PMconsole. Available for Windows, SunOS, Solaris, AIX, HP/UX, 
and other platforms. 

• pmd or in. pmd—The optional PortMaster daemon software that can be installed 
on UNIX hosts to allow the host to connect to printers or modems attached to a 
PortMaster. The daemon also allows the PortMaster to multiplex incoming users 
onto the host using one TCP stream instead of multiple streams like rlogin. 
Available for SunOS, Solaris, AIX, HP/UX, and other platforms. 


PortMaster Office Router 
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• RADIUS—The RADIUS (Remote Authentication Dial In User Service) server, 
radiusd, runs as a daemon on UNIX systems, providing centralized 
authentication of dial-in users. The radiusd daemon is provided in binary and 
source form for SunOS, Solaris, AIX, HP/UX, and other platforms. The daemon is 
also provided in source form for Alpha OSF/1, Linux, BSD/OS, UnixWare, and 
SCO. For more information see the RADIUS Administrator's Guide. 

Software installation procedures are described in the Administrator's Guide for your 
interface software. 

Software Versions 

This manual documents the software releases shown in Table 1-3. 


Table 1-3 Software Versions 


ComOS 

Upgrade Image 

Platforms 

3.3 

pm2_3.3 

PM-2, PM-2R, PM-2E, PM-2ER 

3.3 

pm25_3.3 

PM-25 

3.3L 

or_3.3L 

OR-M, OR-U 

3.3R 

irx_3.3R 

IRX-111, IRX-112, IRX-114, IRX-211 


If you are running a later release, check the release notes for changes to the software 
since the publication of this document. Additional information about software releases 
is available from f tp: / / f tp. livings ton. com/pub/livings ton/release/. 
Upgrade images can be installed on PortMasters using pminstall and are available 
on ftp://ftp.livingston.com/pub/livingston/upgrades/. Refer to 
Chapter 19, "Troubleshooting the PortMaster Configuration" for more information 
about upgrading software. 
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Using PortMasters 

Before the PortMaster can be used to connect Wide Area Networks (WANs), you must 
install the hardware using the instructions in the Hardware Installation Guide for your 
system. 

This guide is designed to introduce the most common configuration options available 
for PortMaster products. This material should be thoroughly reviewed before you 
configure your router. Many decisions should be made before or during the 
configuration process, including: 

• What general configuration do you want to implement? 

• Do you want to use a synchronous connection to a high speed line? 

• Will your high speed line(s) be using Frame Relay, ISDN, switched 56K, or PPP? 

• If you want dial on-demand routing do you want multi-line load-balancing? 

• Do you want packet filtering for Internet connections? 

• Do you want packet filtering for connections to other offices? 

• Do you want dial in users to use SLIP, PPP, or both? 

• If you use PPP, do you want PAP or CHAP authentication? 

• Are you using a name service such as DNS or NIS? 

• Do you have the appropriate network addresses available? 

• Are you running IP, IPX, or both? 

• Do you want to enable SNMP for network monitoring? 

• Do you want dial in only, dial out only, or two way communications on each port? 

• What characteristics do you want to assign to the dial-out locations? 

• How do you want to configure dial-in users? 

• Do you want to use RADIUS to authenticate dial-in users, or the internal User 
Table on the PortMaster? 

• Do you want to use the console port for administration functions or do you want 
to attach an external modem to the port? 

There are many other decisions that need to be made during the configuration process. 
This guide discusses the various configuration options and their implications. 


Using PortMasters 


1-9 











Introduction to PortMaster Products 


Trade-Offs between Dial-on-Demand, Leased Line, and Frame 
Relay 

Determining which type of communication service best meets your networking needs 
is not a simple matter. The differences in user requirements, telephone company 
charges, and equipment and maintenance costs must all be taken into account. In this 
section, we hope to provide an overview of the parameters that should go into this 
decision. 

The first criteria is user requirements, which can generally be used to set the minimum 
level of service. For example, if your application requires less than 128Kbps of 
throughput, then multi-line load balancing across dial on-demand modems or ISDN 
may be a viable candidate. The higher your bandwidth need over 56Kbps, the more 
likely fractional T1 may be what you need. 

Often, the next factor involved in making a decision is cost. Generally, the lowest cost 
service meeting user requirements is chosen. Computing cost can be very tricky, 
however, due to the varying rates from telecommunications providers and the 
differences between flat-rate monthly services and metered-usage services. Some 
providers charge for Frame Relay services based on the byte-count transferred, some 
provide Frame Relay on a flat-rate basis. ISDN services can be billed on a flat-rate basis 
or on a per-minute usage basis. Point-to-Point leased circuits are almost always based 
on a flat monthly rate. 

Generally, Frame Relay is most cost-effective in areas where the application is from a 
single hub to multiple remote offices (point to multipoint) or a meshed network of 
several offices (multipoint to multipoint). In most cases. Frame Relay is more expensive 
than a single point-to-point leased line between two locations. 

ISDN is most cost effective in situations where high-bandwidth and low latency are 
desirable, but the need to exchange data is widely distributed over time. If you are 
using on-demand ISDN, you should pay close attention to your monthly ISDN usage 
bills. If the usage charges start to approach leased-line costs, perhaps it is time to 
consider switching. If you are running an ISDN dial-in pool for multiple remote offices, 
then the aggregate ISDN bill should be compared to the cost of a Frame Relay network. 
Additionally, the top 3 to 5 ISDN bills can be compared to a smaller Frame Relay 
network while the rest of the offices remain on ISDN. 

There are a variety of other trade-offs as well. Modems offer the highest latency and 
the lowest bandwidth. Next, ISDN offers better latency than modems, but still has 
fairly high latency compared to other technologies. The switching inherent in Frame 
Relay adds some latency, but less than ISDN or modems. ISDN can be used for 
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bandwidths up to 128K or further if additional B channels are used with multi-line 
load balancing or multilink PPP, while Frame Relay can scale as high as T1 or El. 
Point-to-point lines offer the lowest latency, and scale up to very high bandwidths. The 
maximum bandwidth supported by any PortMaster synchronous port is T1 (1.544 
Mbps) or El (2.048 Mbps). However, point-to-point lines also usually come at the 
highest price. 

Example Applications for PortMasters 

The different PortMaster models have different applications depending on their 
hardware configuration. Table 1-4 shows each of the products and the applications for 
which it is best suited. 


Table 1-4 Example Applications 


Product 

Example Applications 

OR-M 

For branch, small office, or home network requiring limited 
bandwidth connectivity using a modem several hours per day. 

OR-U 

For branch, small office, or home network requiring ISDN BRI 
connectivity. 

PM-2E-10 

PM-2E-20 

PM-2E-30 

For communications server applications requiring dial-up 
connectivity, Internet Service Provider access, remote access to 
login hosts, SLIP or PPP remote networking, telecommuting, 
mobile computing for sales or field personnel connections to 
the main network, and shared access to RS-232 devices such as 
modems and printers. 

The ISDN BRI expansion boards provide ISDN dial-in and 
dial-out service without a terminal adapter. Can also serve as 
an ISDN routing hub for high-end telecommuting or ISP 
services. 

PM-25 

Used for the same applications as the PM-2E but has higher 
port density and easier to manage cabling. Two PM-25s take 
the same rack space as one PM-2E-30, while providing 48 ports 
with only 6 cables. 

PM-2 

Any of the PM-2E applications that do not require 
expandability. This model provides only 10 ports. 
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Table 1-4 Example Applications (Continued) 


Product 

Example Applications 

PM-2ER-10 

PM-2ER-20 

PM-2ER-30 

For communications server applications listed for the PM-2E 
with a built-in T1 synchronous port that allows a high-speed 
connection to another site. These models are ideal for remote 
point of presence (POP) servers for ISPs or organizations that 
need to provide access to a centralized database by 20 to 60 
remote terminals or modems over leased lines. Frame Relay, 
switched 56K, or ISDN connections. For larger POPs the 

IRX-111 combined with 3 or more PM-2E's is preferable. 

PM-2R 

Especially good for small remote offices that have a 
synchronous link to a central or regional hub but also require a 
small amount of local dial-in capacity. 

IRX-111 

For IP and IPX routing between an Ethernet and a synchronous 
line up to Tl/El speeds using leased lines. Frame Relay, or 
switched 56K. Also supports ISDN with an external terminal 
adapter. 

IRX-112 

Expands the functionality of the IRX-111 by providing one port 
up to Tl/El speed and one 64Kbps port. 

IRX-114 

Expands the functionality of the IRX-111 by providing two 
ports up to Tl/El, which can allow a leased line T1 connection 
to an ISP at the same time as a Frame Relay T1 connection to 
another office. Also has two 64Kbps ports. 

IRX-211 

This product is specifically designed for building firewalls. The 
IRX-211 has a Tl/El port for Internet connectivity and two 
Ethernet ports: one for exposed hosts and one for protected 
hosts. It also has a console port for out-of-band management. 


Asynchronous Applications 

The following examples describe various uses for asynchronous ports. 

Connections Between Offices 

Office to office connections can be achieved using dial-up asynchronous connections or 
synchronous connections depending on your application. Examples of both are given 
in this guide. 
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Once a PortMaster is installed in each office and connected to the local Ethernet using 
an AUI, 10Base2, or lOBaseT connector, one or more asynchronous serial ports can be 
configured to dial another office or a set of offices when network traffic for the 
specified location exists. The two most common configurations are a "star" where 
multiple branch offices dial into a central hub which routes among them, and a "mesh" 
where every office can speak to any other office on demand. Intermediate 
configurations between "star" and "mesh" are also possible. 

To add network bandwidth on-demand, additional ports can be configured for load¬ 
balancing. These ports can be configured to connect to a location when the network 
traffic exceeds a specific level. In this configuration, multiple ports are connected 
during times of heavy traffic thereby adding bandwidth as needed and are 
disconnected when traffic drops. 

Connections to the Internet 

An asynchronous port can be set for a continuous connection to an Internet Service 
Provider (ISP) by configuring it for continuous dial out. In this configuration if the 
dial-out line is dropped, the PortMaster automatically reestablishes the connection. 

Connecting to the Internet should include packet filtering and security to ensure that 
access to the local network is restricted. 

Logging Into Remote Hosts 

Communication servers are most commonly used to allow remote users to dial into a 
network location and access a host with their local account. This configuration is also 
used by Internet Services Providers that provide many users access to shell accounts. 
PortMaster asynchronous ports are configured for login by dial-in users. When users 
dial in, they are connected with a modem, allowed to login, and then connected with a 
specified host for the current session. 

Dial-In Network Connectivity 

A PortMaster asynchronous port can provide PPP or SLIP service to a dial-in user, 
allowing them to route TCP/IP (and if using PPP, IPX as well) traffic across a modem 
to access the local network or the entire Internet. This configuration is very heavily 
used by Internet Service Providers and by corporations with remote users running 
client-server applications that require access to central hosts from home, field offices, or 
on the road. 


Example Applications for PortMasters 
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Sharing Devices Across the Network 

PortMaster asynchronous ports can be configured to allow network hosts access to 
shared devices connected directly to the PortMaster. If the network host is running the 
PortMaster in.pmd daemon, a connection can be established to a specified port on the 
PortMaster. Once the connection is established, the connected device such as a printer 
or modem, can be accessed as if it were connected directly to the host. 

Ports can also be configured to be accessed by programs using TCP/IP sockets, or by 
telnet from the network. 

Synchronous Applications 

The following examples describe various uses for synchronous ports. 

Routing Over Leased Lines 

A synchronous port can be used to connect to synchronous leased lines from 9600 bps 
to T1 (1.544 Mbps) or El (2.048 Mbps) for continuous operation. A Digital Service 
Unit/Channel Service Unit (DSU/CSU) must be attached to the WAN port on the 
PortMaster. 

Routing Over Frame Relay 

Frame Relay provides connectivity using a packet-switched network. Its two 
advantages over a leased line network are lower cost and the ability to have multiple 
Private Virtual Circuits (PVCs) come into a single physical port. It is especially popular 
for hub and spoke network arrangements, for example having a dozen field offices 
with 56Kbps or fractional T1 Frame Relay connections connect to a central office using 
a Fractional T1 or T1 Frame Relay connection. The central office requires only one 
CSU/DSU and synchronous port on the router, instead of twelve. 

Routing Over Switched 56K 

Switched 56K can be less expensive than Frame Relay in applications where short 
bursts of connectivity are required but dial-up modems do not provide enough 
bandwidth. V.25bis dialing is used to establish a link over a switched network and the 
link is brought down after a specified period with no traffic. 
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Routing Over ISDN 

Integrated Services Digital Network (ISDN) provides fast dial-up connectivity for 
applications where the expense of a dedicated Frame Relay or leased line connection is 
not called for by the amount and nature of the traffic. 

Various PortMaster products support ISDN in three different ways. Any asynchronous 
port can be connected to an asynchronous terminal adapter (TA) which can take 
asynchronous data up to 115200 bps and convert it into a 64Kbps synchronous data 
stream. A second option is to connect a synchronous port to a 128Kbps synchronous 
terminal adapter using two ISDN B channels. 

Additionally, some products have Basic Rate Interface (BRI) ports with integrated NT1 
(a U interface) for use in countries that follow USA telephone standards. These allow 
you to plug an ISDN phone line directly into the router, so no terminal adapter is 
required, making configuration much easier. Each BRI port has 2 64Kbps synchronous 
B-channels plus one 16Kbps D-channel for signalling. 

Configuration Overview 

Your PortMaster comes with software used to install and configure the PortMaster. 
This section briefly describes the installation and configuration process and where to 
find the instructions for each step. 

There are several different versions of PMconsole that can be used to configure your 
PortMaster, including PMconsole for Windows, PMconsole for UNIX, and the 
Command Line Interface. You can use one or more of these interfaces to configure your 
PortMaster. Your decision is usually based on the type of hosts available on your 
network and whether you want to use a graphical user interface (GUI). A quick 
reference guide to the command line syntax is included in Chapter 20, "Command Line 
Summary." 

To install and configure a PortMaster: 

1 . Understand networking concepts and how to configure the PortMaster. 
(Configuration Guide) 

2. Install the PortMaster hardware and set the IP address. (Hardware Installation 
Guide) 

3. Install the PMconsole software, if desired. (PMconsole Administrator's Guide) 

4. Configure the PortMaster global parameters. (Configuration Guide and 
Administrator's Guide) 


Configuration Overview 


1-15 








Introduction to PortMaster Products 


5. Configure the PortMaster Ethernet port. ( Configuration Guide and Administrator s 
Guide) 

6 . Configure the asynchronous serial port(s), if available. (Configuration Guide and 
Administrator's Guide) 

7. Configure the synchronous WAN port, if available. (Configuration Guide and 
Administrator's Guide) 

8 . If you want dial-in connections, configure the User Table, which defines the 
characteristics of dial-in users. (Configuration Guide and Administrator s Guide) 

9 . If you are using RADIUS security instead of a User Table, refer to the RADIUS 
Administrator's Guide for more information. 

10. If you want dial-out connections, configure the Location Table, which defines the 
characteristics of dial-out connections. (Configuration Guide and Administrator's 
Guide) 

11. If you want to use packet filters or access filters to provide additional security, 
configure the Filter Table, which defines input and output packet filters and access 
filters associated with ports, users, and locations. (Configuration Guide and 
Administrator's Guide) 

12. Use the specific configuration information in Chapters 11 through 18 that apply to 
your application to complete your PortMaster configuration. 

The Configuration Guide for PortMaster Products provides information you need to 
decide how to configure your PortMaster. Refer to the "Preface" for an overview of 
each of the chapters. 

The Administrator's Guide for each interface provides specific information about how to 
use that interface to configure your PortMaster. 

These guides are intended to be used together when configuring PortMasters. 

Where To Go From Here 

If you are already familiar with networking concepts and PortMaster products, 
proceed to Chapters 11 through 18 for specific configuration instructions. If you are not 
familiar with networking concepts or PortMaster products, proceed to Chapter 2, 
"Networking Concepts" and Chapter 3, "How PortMasters Work." If you need more 
information about networking, additional reading is listed in the References section at 
the end of this guide. 
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This chapter describes general network concepts that you must understand before you 
configure your PortMaster. If you are already familiar with the topics described in this 
chapter, proceed to Chapter 3, "How PortMasters Work" for information about 
possible configuration options. 

This chapter includes the following: 

• Addressing concepts for IP and IPX protocols 

• A description of how netmasks are used to help define subnets 

• Routing concepts including RIP 

• A description of SNMP management 

• A description of naming services, DNS and NIS 

• A discussion of network security issues and an introduction to RADIUS 

Network Addressing 

PortMaster products support packet routing using both IP and IPX protocols. The 
Internet Protocol (IP) is a packet-based protocol used to exchange data over computer 
networks. IP provides addressing and control information that allows data packets to 
be routed across networks. 

Novell Internet Packet Exchange (IPX) is another protocol used to exchange data over 
PC-based networks. IPX uses Novell's proprietary Service Advertisement Protocol 
(SAP) to advertise special services such as print and file servers. 

IP Addressing 

IP address descriptions are found in RFC 1166, Internet Numbers. Refer to the 
"References" chapter of this guide for more information. The Network Information 
Center (NIC) maintains and distributes the RFC documents. The NIC also assigns IP 
addresses and network numbers. When an organization applies to the NIC, a network 
number or range of addresses appropriate to the number of host devices on their 
network is assigned. 
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In the past, all IP addresses were assigned by the NIC. However, as the Internet has 
grown, this is no longer possible. As a result, IP addresses are now generally delegated 
in large blocks to Internet Service Providers (ISPs) who assign them to their customers. 
If you are connecting to the Internet, contact your Internet Service Provider for address 
assignment. 

The sections that follow describe the various types of IP addresses, how addresses are 
given, and routing issues related to IP. 

IP Address Notation 

IP addresses are written as four numbers separated by dots (periods). The leading 
zeros are dropped in IP addresses. Each number, written in decimal, represents an 8-bit 
octet (sometimes informally referred to as a byte) giving each number a range of 0 
through 255, inclusive. When strung together, the four octets form the 32-bit IP 
address. This notation is called dotted decimal. 

These examples show 32-bit values expressed as IP addresses: 

100 . 100 . 100.10 

195.32.4.200 (meaning 195.032.004.200) 

The largest possible value of a field in dotted-decimal notation is 255, which represents 
an octet where all of the bits are ones. 

IP Address Classes 

There are different classes of addresses based on the number of hosts and subnetworks 
required to support the hosts. As described in RFC 1166, IP addresses are 32-bit 
quantities divided into five classes. Each class has a different number of bits allocated 
to the network and host portions of the address. For this discussion, consider a 
network to be a collection of computers (hosts) that have the same network field values 
in their IP addresses. 

Class A Addresses 

The class A IP address format allocates the highest eight bits to the network field and 
sets the highest priority bit to 0 (zero). The remaining 24 bits form the host field. Only 
126 class A networks can exist (0 is reserved, and 127 is used for loopback networks), 
but each class A network can have almost 17 million hosts. No new class A networks 
can be assigned at this time. 
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For example: 


10. 100.232,1 


/ \ 


Network 

Address 


Host 

Address 


Class B Addresses 

The class B IP address format allocates the highest 16 bits to the network field and sets 
the two highest-order bits to 1 and 0, resulting in a range from 128 through 191, 
inclusive. The remaining 16 bits form the host field. More than 16,000 class B networks 
can exist, and each class B network can have up to 65,534 hosts. For example: 


172.16 . 232.121 


/ \ 


Network 

Address 


Host 

Address 


Class C Addresses 

The class C IP address format allocates the highest 24 bits to the network field and sets 
the three highest-order bits to 1,1, and 0, resulting in a range from 192 through 223, 
inclusive. The remaining eight bits form the host field. More than 2 million class C 
networks can exist, and each class C network can have up to 254 hosts. For example: 


192 . 168 . 20 .220 


/ \ 


Network 

Address 


Host 

Address 
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Class D Addresses 

The class D IP address format was designed for multicast groups, as discussed in RFC 
988. In class D addresses, the four highest-order bits are set to 1,1,1,0, resulting in a 
range from 224 through 239, inclusive. 

Class D addresses are currently used primarily for MBONE. Many routers, including 
those from Livingston, do not support MBONE or multicast and therefore ignore class 

D addresses. 

Class E Addresses 

The class E IP address is reserved for future use. In class E addresses, the four highest 
order bits are set to 1,1,1,1. Routers currently ignore class E IP addresses. 


Reserved IP Addresses 

Some IP addresses are reserved for special uses and cannot be used for host addresses. 
Table 2-1 lists ranges of IP addresses and shows which addresses are reserved, which 
are available to be assigned, and which are for broadcast. 


Table 2-1 Reserved and Available IP Addresses 


Class 

Address/Range 

Status 

A 

o.o.o.o 

Reserved 


1.0.0.0 through 126.0.0.0 

Available 


127.0.0.0 

Loopback networks 
(localhost) 

B 

128.0.0.0 

Reserved 


128.1.0.0 through 191.254.0.0 

Available 


191.255.0.0 

Reserved 

C 

192.0.0.0 

Reserved 


192.0.1.0 through 223.255.254 

Available 


223.255.255.0 

Reserved 

D 

224.0.0.0 through 239.255.255.255 

Multicast group 
addresses 

E 

240.0.0.0 through 255.255.255.254 

Reserved 


255.255.255.255 

Broadcast 


2-4 


Configuration Guide for PortMaster Products—December 1995 















Networking Concepts 


IP Address Conventions 

If the bits in the host portion of an address are all 0, that address refers to the network 
specified in the network portion of the address. For example, the class C address 
192.31.7.0 refers to a particular network. Historically this address was used as a 
broadcast. The current standard is to use all ones in the host portion (for example, 
192.168.1.255), however, many hosts still use all zeroes. The PortMaster can be 
configured either way, and should be set to match the other systems on your network. 



Note - Do not use an IP address with all zeros or all ones in the host portion of the 
address, since these are reserved as broadcast addresses. 


IPX Addressing 

An IPX address consists of 10 bytes (usually expressed in hexadecimal notation), which 
gives an IPX network host a unique identifier. IPX addresses are made up of two parts, 
as follows: 

• Network segment address, expressed as eight hexadecimal digits 

These 4 bytes (32 bits) specify on which segment the node resides. 

• Node address, expressed as dotted triplets of four-digit hexadecimal numbers 

These 6 bytes (48 bits) provide the MAC address of the node. 

The two elements of the IPX address are separated by a colon. Following is an example 
of an IPX address: 


00000003 : 0001.S42 3 .4561 

/ \ 

Network Node 

Segment Address Address 


The first eight digits represent the network segment, and the following 12 digits 
represent the node or MAC address of the node. All digits are expressed in 
hexadecimal. 
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Using Netmasks to Create IP Subnets 

Netmasks are used to create IP subnets and thereby divide networks into smaller more 
manageable groups of hosts. Subnetting is a scheme for imposing a simple hierarchy 
on hosts on a single physical network. The usual practice is to use the first few bits in 
the host portion of the network address for a subnet field. The official description of 
subnetting is RFC 950, Internet Standard Subnetting Procedure. 

Subnetting and Routing 

Routers and hosts can use the subnet field for routing. The rules for routing on subnets 
are identical to the rules for routing on networks. However, correct routing requires all 
subnets of a network to be physically contiguous. In other words, the network must be 
set up so that it does not require traffic between any two subnets to cross another 
network. Also, RFC 950 implicitly requires that all subnets of a network have the same 
number of bits in the subnet field. 

Livingston products support a special subnet mask that allows for noncontiguous 
subnets. However, using noncontiguous subnets is not recommended because not all 
routers support them. 

Subnet Masks 

A subnet mask identifies the subnet field of a network address. This mask is a 32-bit 
number written in dotted-decimal notation with all ones in the network and subnet 
portions of the address, and all zeros in the host portion. This scheme allows for the 
identification of the host portion of any address on the network. 
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Table 2-2 shows the subnet masks you can use to divide a class C network into subnets. 


Table 2-2 Subnet Masks for a Class C Network 


Subnet bits 

Host bits 

Number of 
Subnets 

Number of 
hosts per 
subnet 

Hexadecimal 

netmask 

Dotted decimal 
netmask 

24 

8 

i 

254 

OxffffffOO 

255.255.255.0 

25 

7 

2 

126 

0xffffff80 

255.255.255.128 

26 

6 

4 

62 

OxffffffcO 

255.255.255.192 

27 

5 

8 

30 

OxffffffeO 

255.255.255.224 

28 

4 

16 

14 

OxfffffffO 

255.255.255.240 

29 

3 

32 

6 

0xfffffff8 

255.255.255.248 

30 

2 

64 

2 

Oxfffffffc 

255.255.255.252 

32 

0 

256 

1 

Oxffffffff 

255.255.255.255 


NetMasks 


Each network on a PortMaster has an associated netmask. The single most important 
thing to understand about routing on a PortMaster is that each network number has 
ONE netmask which must be the same for all subnets; the PortMaster does not support 
variable length subnet masks. 

Therefore if the administrator mistakenly sets different netmasks on the same network, 
the PortMaster has to choose one. Here are the rules the PortMaster follows to decide 
what netmask to use when a new interface comes up. 

Anytime the PortMaster establishes a point-to-point link a host route is added. Then 
the following rules are applied if there is no static Netmask Table entry for the 
network: 

1. If the netmask is Oxffffffff, it is ignored. 

2. If no netmasks exist currently for this network, the new netmask specified in the 
interface is used. 

3. If the netmask is the same as the active netmask from an interface which 
previously existed, everything is fine and the current netmask is used. 
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4. If either netmask (the new one or the active one) is OxffffffOO, this becomes the 
preferred netmask. 

5. If the new netmask has more bits set than the active netmask, the new netmask is 
used, otherwise the original active netmask is retained. 

6. If none of these rules apply, the default netmask for the class of address is used. 
Remember, the PortMaster supports ONE netmask per network, not per subnet. 


Routing Concepts 

When a host sends an IP data packet where the destination host and the sending host 
are on the same subnet, the packet goes directly to the destination host. If the 
destination host and sending host are on different subnets, the packet goes to a router. 
Addresses make routing and packet delivery possible. 

Routing and routing protocols are two different concepts. Routing specifies which hop 
is next for a given destination. Routing protocols describe how a router updates its 
routing information. The primary function of the router is to direct packets between 
networks, delivering them to their final destination or to another router. (A router-to- 
router transmission is called a hop.) A router has two or more network interfaces to 
different networks or subnets to allow packet transmission between networks. 

To determine whether the destination host is on the same network (or subnet), the 
sending host compares the network portions of the destination address and its own 
address. If the network and subnet portion of the IP addresses are the same, the 
destination host is on the same network. If the network or subnet numbers are 
different, the destination host is on another network, and the data packet must go to a 
router. 

The PortMaster is a router that contains a routing table. A routing table is a list of 
routes. A route tells a host or router the next place to send a packet to get it closer to its 
destination. A route consists of a destination specifier, a gateway to the destination, 
and a metric to determine how desirable this gateway is for reaching the destination. 
When a router receives a packet to be forwarded, the router looks in the packet to find 
the destination address, then the routing table is consulted to find a route for the 
specified destination. Once the route is determined, the packet is forwarded to the 
associated gateway. The destination in a route can be either a host, a subnet, or a 
network. PortMasters require one subnet mask per network but do support host 
routes. 
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Note - The PortMaster key routing concept is that each network on a PortMaster has 
one subnet mask. 


A routing protocol is a method of exchanging routes between routers. RIP is a routing 
protocol described in RFC 1058, "Routing Information Protocol." The PortMaster 
supports RIP for routing both IP and IPX. All of the routing concepts described in this 
section apply to both IP and IPX packets, except that IPX has only networks, no 
subnets. 

ARP 

An Ethernet device listens for two addresses, its own MAC address and MAC 
broadcasts. If a host receives an ARP request and its own IP address is the one 
requested, it replies to the ARP requester with its own MAC address. The requester 
then adds the IP address and MAC translation to its own ARP cache for future use.The 
PortMaster ARP cache entries expire after 15 minutes. Near the end of the 15 minute 
interval the PortMaster sends another ARP request to refresh the entry. 

Proxy ARP 


Livingston products support proxy ARP. ARP is used to discover the Media Access 
Control (MAC) address associated with a given IP address. The PortMaster responds to 
ARP requests for addresses if it knows of a route to the address through another 
interface. 

As a result, if a dial-in user is given an address on the same subnet as the PortMaster 
Ethernet interface, hosts on that Ethernet can ARP for the IP address of the dial-in user 
and the PortMaster responds to the ARP request with its own Ethernet MAC address. 

Livingston's Implementation of Routing 

The router gathers and maintains information in a routing table that enables the 
transmission of data between networks. The routing table contains an entry for each 
identified route and can be configured statically, maintained by the router dynamically 
via RIP, or both. 


PortMasters determine if a packet is local or needs to be routed based on the 
destination IP address of the packet, and the IP address and subnet mask of the 
PortMaster Ethernet interface. For example, if the PortMaster Ethernet address is 
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192.168.1.1 and the netmask is set to 255.255.255.0, then all hosts with addresses 
between 192.168.1.1 and 192.168.1.254 are deemed local hosts and packets for these 
hosts do not require routing. 

If a packet requires routing, the routing table is consulting with one of two results, if a 
route is found the packet is sent to the gateway specified in the route, if no route is 
found the packet is discarded and an ICMP unreachable packet is sent to the source of 
the packet. The gateway is always expected to be one hop away. 

Routing can occur over Ethernet, synchronous, and asynchronous lines. RIP updates 
can be turned on or off for individual interfaces. Routing over asynchronous lines can 
provide significant savings for small offices by allowing the use of regular phone lines 
instead of expensive leased lines. 

PortMasters can send default route information as part of normal RIP messages, if 
routing is turned on. Static routes can be defined and used. PortMasters support host 
routes, subnet routes (although all netmasks must be the same for a given network 
number) and network routes. 

Each interface can be configured to listen to routing updates, broadcast routing 
updates, both, or neither. 

• Broadcast—Sends RIP information to the interface. 

• Listen mode—Accepts RIP information on the interface. 

Routing is set on the Ethernet interface(s), hardwired network ports, in the User Table 
or RADIUS for dial-in users, and in the Location Table for dial-out locations. IPX 
routing is supported using RIP and Novell's Service Advertisement Protocol (SAP). 



Note - An interface is defined as the virtual connection between a PortMaster port and 
the network to which it is connected. The connection can be permanent as with the 
Ethernet interface or network hardwired ports, or it can be temporary, as with ports 
used for dial-in or dial-out connections. 


For more information about how the PortMaster works, refer to Chapter 3, "How 
PortMasters Work." 
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Routing Table 

The PortMaster maintains a Routing Table that is divided into three parts. 

• Default Gateway 

- Learned gateway, which is learned externally 

- Primary gateway, which is learned when you specify a gateway durine 

configuration 6 

• Host Route Table 

• Network Route Table 

Host and network routes are stored in hashed lookup format which fixes the lookup 
time regardless of the number of entries. The show routes command shows the 
default route first (if any), then host routes, then network routes, expired routes that 
are no longer being advertised are displayed at the end. Routes that have very recently 
expired are marked with an O and are advertised with a hop count of 16 in RIP 
(unreachable). These routes appear mixed with the other host or network routes; after 
they are no longer advertised they appear with the other expired routes in the last 
section. 

Each routing table entry includes the following information: 

• Destination 

• Gateway 

• Metric 

• Flags 

• Interface 


When a routing table entry is needed, first the host route table is examined. If no route 
is found, the netmask table is queried for the netmask associated with the given IP 
address and a network address is calculated. The network route table is examined for 
that network address. If no route is found, the learned gateway is used if it exists, 
otherwise the primary gateway is used. If no route is found an ICMP Unreachable 
message is returned to the source address indicating that no route was found, and the 
packet is discarded. 

Static routes are never overwritten with learned (dynamic) routes, but if a default 
gateway with a better metric than the primary gateway is learned and default routes 
are being listened for, the new gateway is set as the learned gateway. In addition, the 
learned gateway is replaced if a default gateway with a lower metric is found. 
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Routing table entries are aged according to the following formula. For RIP, updates are 
expected every 30 seconds. After 120 seconds if another route for a given destination is 
observed, the new route is used for the destination. After 180 seconds without an 
update, we make the route obsolete by setting its metric to 16. The routing timer is 
suspended if an on-demand interface is suspended. Routes are only valid for active 
interfaces. If an interface goes down, all routes that go through the interface are 
examined. If the specified gateway is available using another interface, the route is 
moved to the active interface. Otherwise the routing table entry is marked as obsolete. 
The routing table flags are described in Table 2-3. 


Table 2-3 Routing Table Flags 


Flag 

Definition 

Description 

H 

Host 

Host route 

N 

Network 

Network route 

L 

Local 

This network or destination is directly attached. If this 
is a point-to-point link it can be reached by sending the 
packet down the link; otherwise, we can reach hosts on 
this network with an ARP request. 

S 

Static 

Route was added through the static route table 

D 

Dynamic 

The route was learned via RIP 

C 

Changed 

Changed recently but not yet propagated via RIP 

O 

Obsolete 

Obsolete, marked for deletion 



Note — A gateway is always expected to be one hop away. The PortMaster never looks 
up a gateway again in the routing table. 


IPX routing works the same as IP routing except there are no host routes. 

Default Gateway 

If you specify a default gateway, all packets to destinations not found in the routing 
table of the PortMaster are forwarded to the default gateway. A router with more 
extensive route information than the PortMaster is usually specified as the default 
gateway, for example, the upstream Internet Service Provider router. 
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Managing Network Devices Using SNMP 

The Simple Network Management Protocol (SNMP) is an application layer protocol 
that allows devices to communicate management information. SNMP has the following 
parts: 6 

• An SNMP agent (provided in ComOS) 

• An SNMP manager (not provided) 

• A Management Information Base (MIB) 

SNMP specifies the message format for exchanging information between the SNMP 
manager and an SNMP agent. The SNMP manager is typically part of some Network 
Management System (NMS). 

The SNMP agent contains MIB variables that can be changed or queried by the SNMP 
manager. The agent gathers information from the MIB, which resides on the target 
device. MIB information can include device parameters and network statistical data. 
The agent is capable of responding to requests to get or set data from the manager. 

Livingston products provide both MIB I and MIB II support as specified in RFC 1213. 
SNMP management can be enabled for any PortMaster. 

Community Strings 

Community strings allow you to control access to the MIB information on selected 
SNMP devices. The read and write community strings act like passwords to permit 
access to the SNMP agent information. The read community string must be known by 
any device allowed to access or read the MIB information. The default read community 
string is "public". The write community string must be known by any device before 
information can be set on the SNMP agent. The default write community string is 
"private". Community strings should be set on SNMP agents so that configuration 
information is not changed by unauthorized users. 

Read and Write Hosts 

PortMaster products allow you to control SNMP security by specifying the IP 
addresses of the hosts that are allowed to access SNMP information. The specification 
of read and write hosts allows another level of security beyond the community strings. 
If SNMP hosts are specified, each host wanting to access SNMP information must not 
only possess the correct community string, they must also be on the read/write host 
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list. This additional level of security allows only authorized SNMP managers to access 
or change sensitive MIB information. Use of the default write community string 
(private) is strongly discouraged. 

Using Naming Services and the Host Table 

Naming services are used to associate IP addresses with host names. Many networks 
use the Domain Name System (DNS) or the Network Information Service (NIS) for 
mapping host names to IP addresses. Both services are used to identify and locate 
objects and resources on the network. The IP address of the name server must be 
specified during the configuration process in order to use DNS or NIS. 

PortMasters allow you to specify an internal host table, which can be used in addition 
to DNS and NIS. The host table allows each unique IP address to be aliased to a unique 
name. The host table is consulted when a port set for host access prompts for the name 
of the host. The table is used to identify the IP address of the requested host. If the user 
specified host name is not found in the hosts table then NIS or DNS is consulted. 


Note - The internal host table should only be used when no other host mapping 
facility is available. This reduces confusion and the amount of network maintenance 
required. 

Managing Network Security 

PortMaster products allow you to maintain network security using a variety of 
methods. Security is a general term that refers to restricting access to network devices 
and data. To enable security features, you must identify sensitive information, find the 
network access points to the sensitive information, and secure and maintain the access 
points. 

PortMaster security methods include: 

• Dial-back for remote access users 

• Local passwords before connections are established 

• Access control filters for host connections 

• Inbound and outbound packet filtering 

• ip packet filtering by protocol, source and destination address, and port 

• IPX packet filtering by source and destination network, node, and socket 
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• SAP filtering 

• PAP and CHAP authentication protocols for PPP connections 

• Password security for administrative access 

• Remote Authentication Dial In User Service (RADIUS) support 

Each of these security methods is described in more detail later in this guide. All or 
some of these security methods can be configured as you configure the system-wide 
parameters and each interface. RADIUS is described in the next section; however, for 
more information about configuring RADIUS, refer to the RADIUS Administrator's 
Guide. 

RADIUS 

RADIUS is a protocol invented by Livingston Enterprises that provides security for 
distributed network environments. RADIUS provides an open and scalable 
client/server security system. The RADIUS server can be adapted to work with third- 
party security products or proprietary security systems. Any communications server or 
network hardware that supports the RADIUS protocol can communicate with a 
RADIUS server. 


RADIUS consolidates all user authentication and network service access information 
on the authentication (RADIUS) server. The server can authenticate users against a 
UNIX password file, NIS databases, or a separately maintained RADIUS database. The 
PortMaster acts as a RADIUS client and sends authentication requests to the RADIUS 
server and acts on responses sent back by the server. For more information about 
RADIUS, refer to the RADIUS Administrator's Guide. 
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How PortMasters Work 3 


This chapter provides an overview of how a PortMaster operates and describes each of 
the ways an asynchronous serial port on a PortMaster can be used. A detailed 
discussion of each use is included along with an example. The purpose of this chapter 
is to give you an idea of what the PortMaster capabilities are so you can choose how to 
configure your system. Synchronous port uses are described in Chapter 7 and Chapters 
15 through 18. F 

The following operational information is provided: 

• What happens when a PortMaster is booted 

• What happens during normal PortMaster operation 

• An overview of ports and interfaces 

• Managing security on a PortMaster 

• Understanding the port states 

The following asynchronous port configurations are discussed: 

• Configuring a port to allow users to login to a computer on the network using 
telnet, rlogin, pmd, or netdata application services. 

• Configuring a port to allow computers to access shared devices on the PortMaster, 
such as a printer or modem. 

Configuring a port to allow outside users to dial in to the network and inside users 
to dial out to other networks using SLIP or PPP. 

Configuring a port for a permanent connection to a leased-line modem, async to 
sync converter, or Frame Relay Asynchronous Device (FRAD). 

Detailed configuration information for asynchronous ports is described in Chapter 6, 
"Configuring an Asynchronous Port." Usage and configuration information for 
synchronous ports is described in Chapter 7, "Configuring a Synchronous WAN Port." 
Specific examples of different configurations are given in Chapters 11 through 18. 
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Understanding PortMaster Operation 

This section describes what happens when a PortMaster connection is requested and 
initiated. Many of the terms used in this section are defined later in the guide so it may 
be confusing at first. However, take the time to read this section. The information 
contained is very useful for understanding how the PortMaster works. 

Booting the PortMaster 

When you turn the power on, the PortMaster runs self-diagnostics (displaying the 
results to port SO if the console dip switch is up). The PortMaster then checks the status 
of the network dip switch. 

If the network dip switch is down, the PortMaster boots from the ComOS stored in 
nonvolatile flash RAM. The PortMaster has 512 KB of Flash RAM divided into four 
banks, and 1 MB of DRAM (expandable to 4 MB or 16 MB) 1 . Flash RAM banks 0,1, 
and 3 store the compressed ComOS. Bank 2 stores the saved configuration. The 
PortMaster uncompresses and loads the ComOS into DRAM. If a valid ComOS is not 
found in Flash then it attempts to boot from the network as described in the next 
paragraph. 

If the network dip switch is up, or if a valid ComOS is not found in Flash, the 
PortMaster sends a RARP message to the etherO Ethernet interface to find its IP 
address. If it gets a reply it then attempts to boot itself across the network using TFTP 
to download a netbootable ComOS image from the host that replied to the RARP. The 
TFTP process begins by transferring the /1 f tpboot / ADDRESS. TYP file where 
ADDRESS is the uppercase 8-character hexadecimal expression of the IP address of the 
PortMaster and TYP is the 3 character boot extension describing the model of 
PortMaster, as shown in Table 3-1. If /tf tpboot/ADDRESS. TYP is not found, the 
PortMaster then requests /1f tpboot /GENERIC. TYP. 


Table 3-1 Boot Extensions 


Boot Extension 

PortMaster Model 

PM2 

PM-2, PM-2E, PM-2R, PM-2ER 

IRX 

IRX, any model 

P25 

PM-25 

PMO 

PortMaster Office Router, any model 

l.The DRAM in the PortMaster Office Router is not expandable. 
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The ComOS can also be downloaded via serial cable through the console port see 
Network Booting" on page 19-12. 

Once the ComOS is loaded and running, the user configuration is loaded from Flash 
bank 2. If no address is configured for the Ethernet interface and no address was 
m ta “f d from netb ooting, the PortMaster now sends a RARP message to discover its 
IP address. This action can be monitored by the "Install New PortMaster" option of 
pminstall on SunOS 4.1.3. If the PortMaster receives a reply to the RARP message, its 
IP address is set in dynamic memory. 

At this point the PortMaster is fully booted with its configuration loaded into DRAM. 
This process takes less than a minute. After successfully booting, the Status LED will 
be on, blinking off once every 5 seconds. Refer to the Hardware Installation Guide for the 
location of the Status LED and for troubleshooting procedures if the LED is not 
behaving as described. 

After the PortMaster Boots 

Once the PortMaster has successfully booted, all Ethernet interfaces are started, 
modem initialization strings are sent to asynchronous ports that have modem table 
entries defined, and all network hardwired ports and continuous dial-out locations are 
initiated. The PortMaster then attempts to dial out to all on-demand locations that 
have any form of routing set for them, so that it can exchange routing information. 
Broadcasting and listening for routing packets is started on interfaces configured for 
routing. 

If there are any ports configured as host devices using the PortMaster device service, 
TCP connections are established to the in. pmd PortMaster daemon running on those 
hosts at port 1642. The PortMaster also listens for TCP connections to any ports 
configured as network devices. In addition, the PortMaster listens for the PMconsole 
connection on TCP port 1643, for administrative telnet sessions and for SNMP requests 
(if configured to do so). 

Less than a minute has passed since the power switch was turned on. The PortMaster 
is now ready to begin providing dial-in and dial-out service. 

PortMaster Operation 

When the PortMaster receives packets going to an on-demand location that is 
suspended (not currently active) it dials out to that location if a line is available. If idle 
timers expire on a connection, the connection is brought down, freeing the port for 
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other uses. At regular intervals the packet queues are checked for dial-out locations 
configured for multi-line load balancing to see if more bandwidth is needed, and if so, 
the PortMaster dials out on an additional port and adds that to the existing interface. 

When users dial in they are authenticated and provided with their configured service. 

Ports and Interfaces 

To fully understand how the PortMaster works, it is absolutely vital to understand the 
distinction between port and interface. A "port" refers to either a TCP or UDP port, or 
more often to a physical port on the PortMaster, such as SI or Wl, whether 
asynchronous or synchronous. The Ethernet connector is also sometimes referred to as 
a port. Some models also have a parallel port, PO, for connecting a printer for use as a 
host device or (more rarely) a network device. These are all ports. 

An "interface" refers to a logical (as opposed to physical) routing construct. For 
example, etherO is an interface, but also a port. SI is a port, and if it was used for a 
network hardwired connection as a point-to-point link using SLIP or PPP it would 
have an attached interface called "ptpl". However if SI and S2 were both used to 
connect to another site using multi-line load balancing, there would still be only one 
interface, either "ptpl" (if SI connected first) or "ptp2" (if S2 connected first). If a user 
dialed into port S3 and established a SLIP or PPP connection the new interface would 
be called "ptp3". However, if instead of establishing a network connection the user 
established a telnet connection to a host, no interface would be created. 

On-demand locations always have interfaces associated with them, typically starting at 
one higher than the number of ports. For example, if you have a 30 port PortMaster, 
your on-demand locations will start at ptp30 and count up from there. When there is 
an active connection established an on-demand interface looks like any other. When 
there is no active connection, the on-demand location is said to be suspended. 

A synchronous port can use Frame Relay instead of PPP; Frame Relay interfaces are 
called "frml" instead of "ptpl". Some models call their synchronous port Wl rather 
than SI because they already have an asynchronous port SI; thus you may see 
interfaces called "ptpWl" or "frmWl" as well. You can even have two Frame Relay 
interfaces on a single Frame Relay port, assigning each PVC to one or the other. 

ISDN interfaces are slightly more complicated. Some PortMaster models have ISDN 
BRI ports with integrated NT1, which is called a "U interface" in ISDN terminology, 
but that "interface" should not be confused with the kind of interface we have defined 
in this section. These ports are physically an RJ-45 jack, accepting an 8-pin RJ-45 
connector directly from an ISDN phone line in countries following the USA telephone 
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standards. The ISDN BRI port uses two of the wires to provide two B-channels for data 
and one D-channel for signalling. The two B-channels are treated as two ports for the 
purpose of configuration, even though they come in on one physical port. So you have 
one physical U interface going to two ports (say S10 and Sll) which can become two 
interfaces "ptplO" and "ptpll" for two different users. 

If you are using the command line interface, the ifconfig command shows you all 

t e current interfaces, and the show arp interface command shows you ARP table 

entries for Ethernet and Frame Relay interfaces. 

PortMaster Security Management 

PortMaster security is controlled through the User Table or RADIUS security. When a 
dial-in user attempts to authenticate at the login prompt, the PortMaster uses the entry 
in the User Table that corresponds to the current user. This process applies to both PAP 
and CHAP authentication as well. If the password entered by the user does not match, 
the PortMaster denies access with an "Invalid Login" message. If there is no User Table 
entry and Port Security is off, the PortMaster passes the user on to the Host defined for 
that port using the selected Login Service. In this situation the specified host is 
expected to authenticate the user. 

If Port Security is On and the user was not found in the User Table, the PortMaster 
queries the RADIUS server if one has been configured. If the user name is not found in 
the User Table, Port Security is On, and no RADIUS server is configured in the global 
configuration of the PortMaster, access is denied with an "Invalid Login" message. If 
the RADIUS server is queried and does not respond within 30 seconds (and neither 
does the alternate RADIUS server), access is denied with an "Invalid Login" message. 

Access can also be denied if the specified Login Service is unavailable — for example, if 
the PortMaster Login Service has been selected for the user but the selected host does 
not have the in.pmd PortMaster daemon installed, access is denied. Access is denied 
with the Host Is Currently Unavailable" message if the host is down or otherwise not 
responding to the login request. 

If an access filter is configured on the port and the login host for the user is not 
permitted by the access filter, the PortMaster refuses service with an Access Denied 
message. If the access override parameter is set on the port, the PortMaster asks the 
user to authenticate himself, even though the default access filter would deny access. 

Refer to the RADIUS Administrator's Guide for more information about RADIUS. 
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Port Status 

Each of the PortMaster ports has a status at all times. Each status is described in 
Table 3-2. 

Note - On older Livingston expansion boards (ports sl0-s29) and system boards (s0-s9) 
the carrier signal floats high if nothing is attached; in this case the port shows a status 
of USERNAME. This condition is harmless. Newer boards pull carrier low if nothing is 
attached to the port; in this case the port status is IDLE. 


Table 3-2 PortMaster Port Status 


Status 

Description 

IDLE 

The port is not in use. 

USERNAME 

The Login Prompt is displayed on the port. 

HOSTNAME 

The host: prompt is displayed on the port. 

PASSWORD 

The Password: prompt is displayed on the port. 

CONNECTING 

A connection is being established on the port. 

ESTABLISHED 

A connection is active on the port. 

DISCONNECTING 

The connection has just ended and the port is returning to 
the IDLE state. 

INITIALIZING 

The modem attached to the port is being initialized by the 
modem table. 

COMMAND 

The command line interface is being used on the port. 

NO-SERVICE 

An ISDN port is not receiving service from the telephone 
company. 
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Allowing Users to Login to a Host 

PortMasters can be configured to allow dial-in users to log into a specified host or be 
prompted for a login host. This configuration is called user login. In user login mode, 
after the attached modem answers and completes rate negotiation, the user is 
prompted for their login name. Once the user is identified as a valid user through the 
PortMaster internal User Table or RADIUS security, a login session is established on 
the host specified for the port. The User Table is described in Chapter 8, "Configuring 
Dial-In Users." Figure 3-1 shows a diagram of this configuration. 



Figure 3-1 User Login Configuration 


In Figure 3-1 after the user named "susan" is verified as an authorized user, susan is 
connected to the host named "sales," specified as the host for this port. The port type, 
user login, can be selected along with the host device and network port types. Each 
port can be set for several different functions, giving the PortMaster configuration 
more flexibility. However, each port only operates in one mode at a time. For example, 
if a port connects a dial-in user login request, this port cannot be used for anything else 
until the current session is terminated. The port is then available for dial-out use or any 
other purpose specified when the port was configured. 
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Once the user login port type has been selected you have several options for the login 
service you want. The login service defines the method used to connect the login user 

to the host. 

Login Services 

The following login services can be selected: 

• PortMaster login (in. pmd) 

• Rlogin 

• Telnet 

• Netdata 

PortMaster Login Service 

The PortMaster login service is the most efficient and highest performance login 
service. This service can be used with any workstation that has the PortMaster in.pmd 
daemon software installed. PortMaster login is the default and preferred service 
because it allows the specified port to operate like a serial port on the host. This service 
also consumes fewer resources on the host by requiring only one daemon per 
PortMaster rather than one daemon per user. 

Rlogin Login Service 

Rlogin is the remote login service. This service is used primarily by UNIX 
workstations, although not exclusively. Generally, it is preferable to use rlogin because 
rlogin is able to carry certain user session parameters forward. Use rlogin in 
environments where it is supported by the hosts, but PortMaster service is not. 

Telnet Login Service 

Telnet is a terminal protocol supported by most computers using the TCP/IP protocol. 
Once the connection is established, keystrokes are passed from one system to the other. 
Telnet service should be used in networks where rlogin or PortMaster login service is 
unavailable. 

Netdata Login Service 

The netdata type of login service provides a TCP clear channel on which 8-bit data is 
passed without interpretation. This service can be used to connect the selected port to 
another serial port on a different PortMaster. Netdata is most commonly used for 
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special applications that use a socket interface. This login service provides a direct data 
ink from the device connected to the PortMaster port to the application. With this type 
o socket connection, no special option negotiation or protocol is required. Netdata is 
more commonly used for outgoing connection from the host application to the device 

attached to the PortMaster, rather than as login service. However, it can be used either 
way. 

The default TCP port number for the netdata service is 6000, but you may specify any 
TCP port number from 1 to 65535. y 


Allowing Access to Shared Devices 

One of the functions of a communications server is to provide network users access to 
s ared devices such as printers and modems. This can be done if the port connected to 
the printer or modem is configured as a host device port. This configuration is also 
useful for tip and uucp services. 

Once a port is defined as host device, a device service must be selected that defines the 
method used to connect the user to the specified port and device. Host device services 
include: PortMaster, rlogin, telnet, and netdata. 

Host device ports can be accessed by establishing a pseudo-tty connection to the port 
from a UNIX host with the PortMaster daemon software installed. In this case, the port 
operates as a host-controlled device. Figure 3-2 shows a diagram of the host device 
configuration using the PortMaster device service and a pseudo-tty connection. This 
configuration is most commonly used to access shared devices such as printers. 



Figure 3-2 Host Device Configuration 


Allowing Access to Shared Devices 
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Figure 3-3 shows a diagram of the host device configuration where the device service is 
set as rlogin, telnet, or netdata. In this configuration the host device name is set as 
/dev/network. This configuration is used in cases where users want to telnet or 
rlogin to the shared device before transferring data, such as with a modem. 


[ Modems 


fyvinjston 
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Figure 3-3 Network Device Configuration 

Once the port type is set as host device, the device service must be selected and the 
host name entered. If the device service is set to PortMaster for pseudo-tty operation, a 
host name must be specified either in the port configuration or as the global default 
host. In addition, the PortMaster in.pmd daemon must be installed on the specified 
host. 


Device Services 

The device service defines the method used to connect a host to a host device port. The 
following device service options can be selected: 

• PortMaster 

• Rlogin 

• Telnet 

• Netdata 
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PortMaster Device Service 

The PortMaster device service is the most efficient and highest performance service. 
This service can be used with any workstation that has the PortMaster in.pmd 
daemon installed. PortMaster service is the default and preferred service because it 
allows the specified port to operate like a serial port installed on the host. 

If this service is selected, the host device name must be the name of a pseudo-tty 
device listed in the /dev directory of each UNIX host with access to the shared device. 
The standard device entries have the following ranges: 

/dev/ttypO through /dev/ttypf 
/dev/ttyqO through /dev/ttyqf 
/dev/ttyrO through /dev/ttyrf 
and so on. 

Since these tty devices can be dynamically selected for use by a variety of host 
programs, devices from the end of the tty list should be used for PortMaster shared 
devices. Most programs start their selection from the beginning of the device list, so 
selecting devices at the end of the list minimizes the possibility of finding a device 
unavailable. 

This configuration is sometimes referred to as the host device configuration because 
the shared device you are connecting to through the PortMaster is known to the host as 
/dev/tty**, where ** is the specific device identifier. 

Rlogin Device Service 

Rlogin is the method for logging into a remote machine from a workstation. Once the 
login and password procedures are completed, a session is started on the host. In the 
case of device service, once the session is successfully established, the host applications 
can directly read and write data to the PortMaster serial port. No password is required 
for a PortMaster rlogin device service connection. 

If multiple ports on the PortMaster are configured for rlogin host device service, a pool 
of available ports is formed automatically by the PortMaster. Once all of the available 
ports are occupied with hosts, new users are given a "Connection Refused" message. 

In this configuration, the device name must be set to /dev/network. 


Allowing Access to Shared Devices 
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Telnet Device Service 

Telnet is a remote terminal protocol supported by most computers using TCP/IP 
protocols. Telnet allows the user at one site to establish a TCP connection to a login 
server at another site. Once the connection is established, keystrokes are passed from 
one system to the other. Telnet service should be used in networks where a variety of 
hardware devices with different operating systems must use the selected port. 

In this configuration, the device name must be set to / dev/network. 

The default TCP port number for telnet is 23; however, another TCP port can be 
specified on a per-port basis. All ports with a common telnet port number form a pool, 
similar to the rlogin pool. 



Note - If you use telnet to administer the PortMaster, you should select a different TCP 
port number for your administrative telnet port. 


Netdata Device Service 

The netdata type of device service provides a TCP clear channel on which 8-bit data is 
passed without interpretation. This service can be used to connect to the selected port 
from another serial port on a different PortMaster. This configuration can provide 
network connections between hosts on different networks. Netdata is most commonly 
used for special applications that use a socket interface. This device service provides a 
direct data link from the application to the device connected to the PortMaster port. 
With the socket connection, no special option negotiation or protocol is required. 

The default TCP port number for the netdata service is 6000, but you may specify 
another port. 

In this configuration, the device name must be set to /dev/network. 

Selecting the host device port type with the rlogin, Telnet, or netdata device service is 
sometimes referred to as the network device configuration because the shared device 
you are connecting to through the PortMaster is specified as /dev/network. 
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Allowing Network Dial-In and or Dial-Out Operation 

You can configure PortMaster ports for network dial-in only operation, dial-out only 
operation, or both dial-in and dial-out operation. You can select dial-in and dial-out 
operation with the login and device operation discussed in the previous sections. 

Network Dial-In Operation 

Network dial-in only operation may be set on ports dedicated to answering requests 
from mobile or home users. In this configuration, the selected port is used to allow an 
authorized user to connect to the network for mail, file, and other services using Serial 
Line Internet Protocol (SLIP) or Point-to-Point Protocol (PPP) encapsulation. Figure 3-4 
shows how the PortMaster provides network connectivity for remote users. 



Figure 3-4 Dial-In Only Port Configuration 
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Network Dial-Out Operation 

Network dial-out only operation may be set on ports dedicated to Internet connections 
or connections to another office. In this configuration, the port is used to establish 
communication from the PortMaster to an outside location. SLIP or PPP are used for 
these types of connections. Figure 3-5 shows an example of a dial-out only 
configuration. 



Figure 3-5 Dial-Out Only Port Configuration 


Network Dial-In and Dial-Out (Two Way) Operation 

Dial-in and dial-out operation on a selected port is called two way operation or 
dial-in & out operation. Two way operation is specified for ports where both dial-in 
and dial-out service are needed. Dial-in services with modems allow users to connect 
to the main network without the cost of leased-line connection. This method can also 
be used for connecting to remote sites that need only occasional telecommuting or 
backup connectivity. 

To configure dial-in and dial-out operation, the port type must be set to network then 
the network type is set for dial-in & out. This configuration is explained in more detail 
in Chapter 6, "Configuring an Asynchronous Port." 
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As mentioned in "Network Dial-In Operation" on page 3-13, SLIP and PPP are used to 
define the method of sending IP packets over standard asynchronous lines with a 
minimum line speed of 1200 baud. These encapsulation methods allow you to establish 
connections on an as-needed basis to reduce phone costs. 

Using SLIP for Dial-In/Dial-Out Operation 

The Serial Line Internet Protocol (SLIP) is an older protocol than PPP and not as 
robust. However, some hosts only support SLIP. The type of protocol allowed is 
specified for each dial-in user, dial-out location, or network hardwired port. 



Note - Hardware flow control (RTS/CTS) should be used for all SLIP and PPP 
connections. 


Using PPP for Dial-In/Dial-Out Operation 

The Point-to-Point Protocol (PPP) is a method of encapsulating network layer IP 
protocol information on asynchronous point-to-point links. PPP is described in RFCs 
1331 and 1332. Livingston's implementation of PPP provides autodetect PPP support 
for the Challenge Handshake Authentication Protocol (CHAP) and Password 
Authentication Protocol (PAP) on serial ports running PPP. ComOS 3.3 and later 
supports multilink PPP as described in RFC 1717. 

PAP and CHAP Authentication 

When a port is configured for PPP the PortMaster autodetects PPP. If a user dials into 
the port and starts sending PPP packets, the PortMaster starts LCP negotiation and 
asks the user to authenticate using PAP. If the user refuses PAP authentication, the 
PortMaster asks the user to authenticate using CHAP. If the user refuses CHAP 
authentication, the PortMaster hangs up. 

If the user accepts PAP authentication, the user sends a PAP ID and PAP password to 
the PortMaster. The PortMaster treats the ID and password as if it were the user name 
and password. 
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If the user accepts CHAP authentication, the communication server sends a CHAP 
packet to the user. The user is "challenged" to respond. The challenge includes an ID, 
a random number, and either the host name of the local communications server or the 
name of the user. The user is required to respond with an encrypted version of the ID 
and a user name. 

When the PortMaster receives the response, the secret is verified by looking up the 
user name given in the response and performing the same encryption operation. Before 
a connection is established the passwords must be the same on both ends of the 
connection. This protocol prevents other network devices from stealing the password 
and gaining illegal access to the network because the secret is never transmitted. A 
correct response is required before a network connection is established. 

CHAP authentication occurs only at the time the connection is established. No 
verification is performed while the connection is active. Both the local communication 
server and the remote device must support CHAP in order to use this protocol. 

To configure PAP or CHAP for PPP users, the local User Table or RADIUS must have 
an entry for each authorized user that includes the user name and password. The 
passwords on both ends of the connection must be identical or the authentication 
process fails. 

To disallow PAP authentication and only accept CHAP, use the set pap off 
command. 

Establishing a Permanent Asynchronous Connection 

A permanent network connection can be established. In this configuration, no modem 
dialing or authentication protocol is required. This configuration is designed for 
connections to modems configured for leased-line operation, async to sync converters, 
or Frame Relay Asynchronous Devices and can use SLIP or PPP with IP and IPX. 
Livingston calls this configuration Hardwired where the Port Type parameter is set to 
Network and the Network Type parameter is set to Hardwired. 



Note - When the network type is Hardwired the port type must be network only. This 
configures a continuous uninterrupted connection on this port. 
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An example of a Hardwired port is shown in Figure 3-6. 



Hardwired connections on asynchronous ports provide the continuous connection 
advantage of a synchronous port (at lower bandwidth) without the cost of Tl-line 
connection. 

Once the port is set for a hardwired connection, additional parameters specifically 
related to this type of connection must be set. These parameters include Protocol, TCP 
Header Compression, Maximum Transmission Unit (MTU), routing, and assigning an 
IPX network to the line if you are using the IPX protocol. 


Establishing a Permanent Asynchronous Connection 


3-17 




































































How PortMasters Work 


3-18 


Configuration Guide for PortMaster Products- 


-December 1995 












Configuring a PortMaster 


4 


This chapter describes the steps required to configure a PortMaster. These steps are not 
ependent on which user interface you are using to configure your system. The 
Administrator's Guide for your user interface describes how to set each option The 
purpose of this chapter is to review the overall steps required to configure a 
PortMaster and describe the global parameters. 

Each of the possible global parameters are described in this chapter; however, you 
must only configure the parameters required for the configuration you want. Example 
configurations are described in Chapters 11 through 18. 

This chapter includes the following topics: 

• Configuration tips 

• Overview of how to configure a PortMaster 

• Configuring global (system-wide) parameters 

• Setting static routes 

Configuration Tips 

PortMaster configuration can be confusing because networking parameters can be set 
for a port, a user, or a location. Use the following tips to determine how to configure 
your PortMaster: 

If you are configuring a network hardwired port, configure the networking 
parameters on the port. 6 

If you configure one or more ports for dial-out operation, configure the networking 
parameters for the dial-out locations using the Location Table. 

If you configure one or more ports for dial-in operation, configure the networking 
parameters for the dial-in users using the User Table. 

• If you configure a network dialback user, configure the dialback location in the 
Location Table and refer to the location name in the User Table. 


Configuration Tips 
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Overview of PortMaster Configuration Steps 

The exact PortMaster configuration steps depend upon the hardware you are installing 
and your network configuration. However, the general configuration steps are the 
same for all PortMaster products, as follows: 

• Connect the hardware as your configuration requires. 

• Attach a terminal to the console port and boot the system. 

• Log in to the system as the administrator and configure the system address. 

• You can now disconnect the console and use the graphical user interface, 
PMconsole, to configure your system, or continue your configuration using the 
command line interface. 

• Install the PMconsole software on a workstation anywhere on your network. 

• Run PMconsole and log in to the new PortMaster using its host name or address, 
and a password, if set. 

• Open the Edit Global parameters window and configure the PortMaster global 
parameters. 

Each of the PortMaster global parameters is described later in this chapter. 

• Open the Edit Ethernet parameters window and configure the Ethernet, IP and IPX 
protocol parameters for your network. 

Each of the PortMaster Ethernet parameters are described in detail in Chapter 5, 
"Configuring the Ethernet Interface." 

• Select the first asynchronous port and open the edit port window, then configure 
the asynchronous port parameters. The modem parameters are also set at the same 
time. 

Each of the PortMaster asynchronous port parameters are described in detail in 
Chapter 6, "Configuring an Asynchronous Port" along with modem configuration 
parameters. 

• Repeat the port configuration for each asynchronous port or use the clone feature 
of PMconsole to configure additional ports. 

• Select the first synchronous port, if available, and open the edit port window. Then 
configure the synchronous port parameters to allow for a leased line, ISDN, Frame 
Relay, or switched 56K connection. 

Each of the PortMaster synchronous port parameters are described in detail in 
Chapter 7, "Configuring a Synchronous WAN Port." 
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Repeat the port configuration for each synchronous port, if more than one is 
available. 

• If you are not using RADIUS, open the User Table and enter each authorized user 
for your network along with their user type, password, and other configuration 
information. 

Each of the User Table parameters are described in detail in Chapter 8, 
"Configuring Dial-In Users." 

Open the Location Table and enter each of the authorized dial-out destinations for 
your network along with location parameters. If you are configuring a 

synchronous interface for an ISDN connection, enter your ISDN dial script in the 
Location Table. v 

Each of the Location Table parameters are described in detail in Chapter 9, 
"Configuring Dial-Out Locations." 

Open the Filter Table and specify filter rules for your network configuration. Once 
the filters are created, they can be assigned as input or output filters for the 
Ethernet interface, various users, locations, or hardwired ports. 

Filters are described in detail in Chapter 10, "Configuring Filters." 

Once all of the configuration parameters are set, your PortMaster is ready to provide 
communication service and routing for your network. 

Setting Global Parameters 

Global parameters are used to set system-wide variables such as the system name, the 
default gateway, and SNMP monitoring. All parameters can be set using the 
PMconsole graphical user interface, using commands entered through the system 
console port, or using administrative telnet. This guide provides general information 
about each of the parameters and their options. 

Figure 4-1 shows an example of the PMconsole global configuration window. The 
actual window you will see depends on the version of PMconsole you choose for 
configuring your PortMaster. The instructions for opening and using this window are 
in the Administrator's Guide for your user interface. 
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{9 Edit Window - Global 

Default Host: __ 

Alternate Host: ___ 

IP Gateway: ___ 

IP Gateway Metric: _ 

IPX Gateway:_ 

IPX Gateway Metric: _ 


Default Route: 

Broadcast 


Listen 

Name Service: 

DNS | NIS ] 


Name Server: server 

Domain: _ 

Telnet Access Port: 23 

Log host: _ 

Assigned Address: 0.0.0.0 
Password: _ 



C Save) ( Remote Reset) ( Default) ( Done) 


Figure 4-1 Global Configuration Window—X Windows GUI 

For specific information about how to configure your system using PMconsole, refer to 
the Administrator's Guide for your graphical user interface. 

The following sections describe each of the global parameters and the available 
options. 

Setting the System Name 

The system name parameter defines the name of the PortMaster that is used for SNMP 
queries, IPX protocol routing, and CHAP authentication. Enter a name that is valid for 
your network. In some versions of PMconsole this value is entered in the SNMP Table 
window, not the Global parameter window. 
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Setting the System Password 

The password parameter is an ASCII printable string of up to 16 characters used to 
access the PortMaster administration features. The password must be entered twice 
when setting it using PMconsole to ensure that it is entered correctly. The password 
can only be changed by the administrator. 

Setting the Default Gateway 

The Default Gateway parameter identifies the default IP gateway address, which is the 
address of the router of last resort. The default gateway is used when no other route is 
found. The address is entered in dotted-decimal notation. 

For IPX networks, the name of the default gateway is entered for the IPX gateway. This 
gateway is used for networks with no RIP gateways. 

The IP and IPX gateway metric parameters can be set between 1 and 15 and indicate 
the hop count associated with the gateway route. The hop count value is used if the 
PortMaster is set to listen for default routes from other routers. 

Refer to Chapter 2, "Networking Concepts," for more information about address 
formats and routing. 

Default Routing 

As described in Chapter 2, "Networking Concepts," PortMaster products can 
automatically send and accept route information as part of RIP messages if routing is 
turned on. If default routing is on, default routes are sent and accepted, as part of the 
RIP messages. 

When Broadcast is selected for the Default Route parameter the PortMaster advertises 
itself as a default route in its RIP messages, if a default route is set. When Listen is 
selected, the PortMaster accepts default route entries in RIP packets from other routers. 
Both options can be selected at the same time to enable the sending and acceptance of 
default routing information. If neither option is selected, default route information is 
not sent with RIP information and the PortMaster ignores all default route entries it 
receives from other routers. 
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Using a Name Service 

The PortMaster can work with network name services such as NIS or DNS. Chapter 2, 
"Networking Concepts" describes these name services. The Name Service parameter is 
set to the name service, if any, used on your network. 

Once the name service is set you must set the Name Server parameter to the address of 
your NIS or DNS server and enter the domain name of your network into the Domain 

parameter. 

The PortMaster stores all information by address not name. As a result, configuring the 
name server is only useful if you are using the command line interface for 
administration or if you prompt a login user for a host. If you are not using either o 
these features, you do not need to set the Name Service, Name Server, or Domain 
parameters. 

Using Telnet for Administration Tasks 

The telnet access port can be set to any number between 0 and 65535. The telnet port 
allows the administrator to access and maintain the PortMaster using a telnet 
connection to this TCP port. If zero (0) is used telnet administration is disabled. The 
default value is port 23. Up to four administrative telnet sessions at a time can be used. 

If the console parameter is set from a telnet session, the current connection becomes the 
console. This feature is useful for administrators who log in to a port using telnet and 
need to access the console for debugging purposes. 

Setting System Logging 

PortMaster products allow you to log authentication information to a log file for 
network accounting purposes. Information is logged to the auth. info facility of 
syslog at the host entered as the Loghost parameter. In addition, packet filter rules with 
the log keyword are logged to the auth.notice facility. Logging is performed by the 
syslogd daemon if the following entry is made in your /etc/syslog. conf file: 


auth.info /var/log/authlog 


Consult the sysiogd(8) and /etc/syslog. conf (5) man pages on your loghost for 
more information on system logging. 
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RADIUS accounting provides a better form of logging 
RADIUS Administrator s Guide for more information. 


usage information. Refer to the 


Dynamically Assigning IP Addresses 

IP addresses can be assigned dynamically to network dial-in users using PPP or S I TP 
to access the network. By assigning addresses as needed, a smaller pool of addresses is 
required than if every user had his own address. Once a connection is closed the 
address goes back in the pool and can be reused. The value of the Assigned Address 
parameter is the first address in the sequence of addresses available for temporary 
assignment. The PortMaster allocates one address into the pool of addresses for each 
port configured for network dial in. 


Setting SNMP Monitoring 

SNMP monitoring as described in Chapter 2, “Networking Concepts," is used to set 
and collect information on SNMP-capable devices. This feature is most often used to 
monitor network statistics such as error rate and utilization. Livingston supports MIB- 
II variables and ships configuration files compatible with various network 
management packages along with the PMconsole software. 

If the SNMP Status parameter is on, the PortMaster accepts SNMP queries. If this 
parameter is off, all SNMP queries are ignored. 

Chapter 2, Networking Concepts," describes community strings, which are used for 
SNMP security. The Read Community parameter must have the value of the read 
community string for your network. In addition, you can specify the Read host or 
hosts allowed to respond to SNMP get queries on your network. The same is true for 
the Write Community and Write Hosts parameters. You can specify a list of hosts that 
can perform SNMP sets, you can allow access for all hosts (not recommended), or you 
can allow access for no hosts refusing all SNMP get queries. 

Configuring the Host Table 

Each host attached to an IP network is assigned a unique IP address. PortMasters 
support a local Host Table to map hostnames to IP addresses. If your network lacks a 
computer that can perform hostname resolution, the PortMaster allows entries in a 
local Host Table. Hostnames are only used by the PortMaster for the convenience of 
the administrator when using the command line interface, and for hostnames entered 
by users at the host prompt. 


Setting Global Parameters 


4-7 












Configuring a PortMaster 


To avoid confusion and reduce administrative overhead, Livingston recommends using 
Domain Name Service (DNS) or Network Information Service (NIS) for hostname 
resolution rather than using the local Host Table. The PortMaster always checks the 
local Host Table before using DNS or NIS. For information on setting the NIS or DNS 
name server and domain, refer to "Using a Name Service" on page 4-6. 

Setting Static Routes 

Static routes are used to provide routing information when the Routing Information 
Protocol (RIP) is not running. RIP may not be running for several reasons: 

• Network administrators may choose not to run RIP 

• Hosts or networks connected to the PortMaster may not be able to run RIP 

Static routes are maintained in the Route Table accessed using the Tables menu. Two 
static route tables are maintained, one for IP and one for IPX. A static route contains 
the following items: 

• Destination 

• Gateway 

• Metric 

• Ticks (IPX routes only) 

Refer to Chapter 2, "Networking Concepts" for more information about routing and 
static routes. 

Setting Route Destinations 

The route destination is set to the host or network for which the PortMaster will be 
routing. 

Setting Gateway 

The route gateway is the address of a locally attached router where packets should be 
sent for forwarding to the destination. The gateway can never be set to the address of 
the PortMaster. 

For IPX networks, the gateway parameter is set to a hexadecimal address that 
represents the network number and the node address separated by a colon. For 
example, 00000002:A0B1C2D3E4F5. 
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Setting the Metric 

The metric in RIP is the number of gateways, hops, a packet must cross to reach its 
destination. The metric represents the cost of sending the packet through the above 
gateway to the specified destination. 

The Ticks parameter is used on IPX networks to represent the time it takes to send the 
packet to its destination. Ticks are measured in 50ms increments. 

Once all of the global parameters are set you should configure the Ethernet interface as 
described in Chapter 5, "Configuring the Ethernet Interface." 

Setting the Netmask Table 

The Netmask Table is provided to allow routes to remain uncollapsed on network 
boundaries in cases where its necessary to break a network into discontiguous subnets 
The PortMaster normally collapses routes on network boundaries as suggested in 
RFC 1058. However, in certain circumstances where you do not want to do that, the 
Netmask Table is available. 

For example, if the address of etherO is 172.16.1.1 with a 255.255.255.0 netmask 
(a class B subnetted on 24 bits) and the destination of ptpl is 192.168.9.65 with a 
255.255.255.240 netmask (a class C subnetted on 28 bits) and routing broadcast is on, 
the PortMaster's routing broadcast on etherO claims a route to the entire 192.168.9.0 
network. Additionally, the broadcast on ptpl claims a route to 172.16.0.0, which is 
entirely proper. 

Sometimes, however, you want the PortMaster to collapse routes to some bit boundary, 
other than the network boundary. In this case, you can use the Netmask Table; 
however, RIP only supports host and network routes, since it has no provision to 
include a netmask. Therefore, if you set a static netmask in the Netmask Table, the 
PortMaster collapses the route to that boundary instead, and broadcasts a host route 
with that value. Other PortMasters with the same static Netmask Table entry turn the 
host route back into a subnet route when they receive the RIP packet. This work¬ 
around only works if all of the products involved are from Livingston, with two 
exceptions: 1) If you use a netmask table entry of 255.255.255.255 then the routes are 
broadcast as host routes and really are host routes, so other routers can use them. Keep 
in mind, not all routers accept host routes. 2) If the other router has the ability to turn 
host routes into subnet routes through some mechanism of its own. 
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The most common use for the static Netmask Table is to split a single class C networ 
into 8 30-host subnets for use in assigned pools. This allows each PortMaster to 
broadcast a route to the subnet instead of claiming a route to the entire class C. An 
example of that usage is provided below. 

The next most common use for the static Netmask Table is to allow dial-in users to use 
specified IP addresses across multiple PortMasters, in situations where Assigned IP 
addresses are not sufficient. This can result in very large Routing Tables and is not 
recommended except where no other alternative is possible. 

The Netmask Table can only be accessed using the command line interface. To add a 
static netmask, use the add netmask <network> <netmask> command. To delete a 
static netmask, use the delete netmask <network> command. The show table 
netmask command shows both dynamic netmasks and static netmasks, marking them 

accordingly. 


A Caution - Do not use the static Netmask Table unless you thoroughly understand and 

/1\ need its function. In most circumstances it is NOT necessary. Very large routing 

/ a \ updates can result from too much use of the NetMask Table, resulting in adverse 

effects on performance. 

The following Netmask Table example assumes the following: 

• You have 20 PortMasters (or anywhere between 8 and 250 PortMasters) 

• You assign all the user addresses from the dynamic address assignment pools on 
the PortMasters 

• You are using 27-bit subnets of these three class C networks 192.168.207.0, 
192.168.208.0, and 192.168.209.0 

• You are using the 192.168.206.0 network for your Ethernet 

• All PortMasters involved must be running ComOS 3.1.2 or later 

• Proxy ARP is convenient for 7 or fewer PortMasters, but should be avoided as you 
scale up. Instead, use your 192.168.206.0 network for the Ethernet and divide your 
other networks up among the PortMasters. 

• Each network should provide 30 addresses for the assigned pool of each of 8 
PortMasters. 
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In this example, use the following commands on all of the PortMasters: 


Command> set etherO address 192.168.206.X (for some value of X) 

Command> set gateway 192.168.206.Y (where Y points at your gateway) 

Command> add netmask 192.168.207.0 255.255.255.224 

Command> add netmask 192.168.208.0 255.255.255.224 

Command> add netmask 192.168.209.0 255.255.255.224 

Command> set etherO routing on 

Command> save all 


The Netmask Table collapses routes on the boundaries specified, so if on one 
PortMaster you have an assigned pool starting at 192.168.207.33, instead of 
broadcasting a route to the 192.168.207.0 network the PortMaster would broadcast that 
it has a host route to 192.168.207.32. The other PortMasters will see that route, look in 
their own Netmask Table, and convert it back into a subnet route to 192 168 207 33 
through 192.168.207.62. 

If your gateway out from the Ethernet is not a Livingston product the netmask table is 
not supported. However, you can set a static route on the gateway for each of the three 
destination networks for your assigned pools (192.168.207.0, 192.168.208.0, and 
192.168.209.0), pointing at one of the PortMasters. The identified PortMaster then 
forwards packets to the proper PortMaster. If you are using an IRX running ComOS 
3.2R or later as your gateway, you could set the Netmask Table on the router also. This 
allows you to listen to RIP messages from the PortMasters and route directly to each of 
them. 
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Configuring the Ethernet Interface 


This chapter describes how to configure the PortMaster Ethernet interface All of the 
possible parameters are reviewed along with explanations of each option. Use the 
information in this chapter along with the specific configuration information described 
in Chapters 11 through 18 to configure the PortMaster for your application. 


This chapter includes the following topics: 

• Setting general Ethernet parameters 

• Setting IP protocol parameters 

• Setting IPX protocol parameters 


Connecting the Hardware 

On most PortMaster models you have the choice of several different Ethernet hardware 
connections: 

Twisted pair Ethernet (lOBaseT) using an RJ-45 connector 

Thin Ethernet (10Base2) using a built-in BNC connector or a transceiver with an 
AUI cable 

The PortMaster Office Router does not have a BNC connector. 

• Thick Ethernet (10Base5) using a transceiver and an AUI cable with a DB-15 
connector 

Connect your network to the Ethernet port that best suits your installation. Use the 

DIP switches to select the connector type. Refer to your Hardware Installation Guide for 
more information. 
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General Ethernet Parameters 

The Ethernet parameters described in this section allow you to configure your Ethernet 
interface. In addition to specifying the protocol type (IP, IPX, or both) and address, you 
must specify any routing and filtering you want on the Ethernet interface. 

This subsection describes the general Ethernet parameters that apply to your network 
regardless of the protocol you use. Figure 5-1 shows an example of the Ethernet 
configuration window. The actual window you will see depends on the version of 
PMconsole you choose for configuring your PortMaster. 



Figure 5-1 Ethernet Configuration Window—X Windows GUI 


For specific information about how to configure your system using PMconsole, refer to 
the PMconsole Administrator's Guide for your user interface. 
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Configuring Routing 

As d esc ri bed in Chapter 2, "Networking Concepts/' PortMaster products automatically 
send and accept route information as RIP messages if routing is turned on. 

Select Broadcast for the Routing parameter to broadcast routing packets on the local 
Ethernet. When Listen is selected, the PortMaster accepts routing packets from other 
routers on the local Ethernet. Both options can be selected at the same time to enable 
e sending and acceptance of routing information. If neither option is selected, route 
information is not sent and the PortMaster ignores all route messages from other 
routers on the local Ethernet. 


Setting Input and Output Filters 

Input and output filters can be created and attached to the Ethernet interface Filters 
allow you to restrict network traffic. If an input filter is set, all packets received from 
the Ethernet interface are evaluated against the rule set for the attached filter Onlv 
packets allowed by the filter are passed through the PortMaster. If an output filter is 
set, only packets allowed by the filter are sent to the interface. For more information 
about filters, see Chapter 10, "Configuring Filters." 


Ethernet IP Parameters 

PortMaster products support both the IP and IPX protocols. When you select a protocol 

or the Ethernet port, values for the parameters appropriate for the selected protocol 
must be entered. 

This subsection describes the IP parameters, which must be entered if you select IP or 
IP/IPX protocol support. 

Setting the IP Address 

The IP address parameter is the same address set during the installation process. When 
the PortMaster is installed, its IP address is set using the console port. From then on 
configuration can be done across the network using either PMconsole or administrative 



Note - If you change the IP address of the Ethernet interface, you must reboot the 
PortMaster for the change to take effect. 


Ethernet IP Parameters 


5-3 
















Configuring the Ethernet Interface 


Setting the Netmask 


Netmasks are used to divide networks into subnets as described in Chapter 2, 
"Networking Concepts." The default netmask is 255.255.255.0. If you use a different 
netmask on your network, enter the subnet mask that describes how your network 
addresses are divided between the network portion and the host portion. 


Note - Only one netmask per network is permitted. 


Setting the Broadcast Address 

The Broadcast Address parameter defines the IP address used as the local broadcast 
address. The RIP routing protocol uses this address to send information to other hosts 
on the local Ethernet network. The actual broadcast address is constructed from the II 
address of the Ethernet port and the netmask. The two valid values are high, where the 
host part of the address is all ones (such as 192.168.1.255) or low, where the host part of 
the address is all zeros (such as 192.168.1.0). The current standard is broadcast high but 
some hosts still use broadcast address low, including hosts running SunOS 4.x 
(Solaris 1.x) and earlier. 

The value of the Broadcast Address parameter must match the broadcast address set 
for other hosts on your local Ethernet segment. 

Enabling IP Traffic 

The Ethernet must be enabled on all PortMasters attached directly to a local Ethernet. 
When enabled, IP traffic is sent and received through the PortMaster Ethernet port. 
This parameter should only be disabled if the PortMaster is not attached to a local 
Ethernet network. 


Ethernet IPX Parameters 

IPX parameter values must be entered if the IPX or IP/IPX protocols are selected. IPX 
routing is enabled when either or both Broadcast and Listen are selected for the 
Routing parameter. 
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Setting the IPX Network Address 

The IPX Network or IPXNet parameter is the IPX network of your local Ethernet 
Chapter s 4eSorSng Concepts " terfaCe “ “ HEX f ° rmat ' described in 

Setting the IPX Frame Type 

The IPX frame type must be identified and set to the value used on the local IPX 
network. The frame type identifies the encapsulation method used on your IPX 
inter aces. The IPX protocol can be implemented using one of three different IPX 
encapsulation and frame types, as shown in Table 5-1: 


Table 5-1 Novell IPX Encapsulation and Frame Types 


IPX Frame Type 

Description 

Ethernet_802.3 

This encapsulation consists of a standard 802.3 MAC 
header followed directly by the IPX header with a 
checksum of FFFF. This is the default encapsulation 
used by Novell NetWare Version 3.11. 

Ethernet_II 

This encapsulation uses Novell's Ethernet_II and is 
sometimes used for networks that handle both TCP/IP 
and IPX traffic. 

Ethernet_802.2 

This encapsulation consists of a standard 802.3 MAC 
header followed by an 802.2 LLC header. This is the 
default encapsulation used by Novell NetWare Version 

4.0. 

Ethemet_802.2_II 

This encapsulation is not commonly used. 


M 6 trov 11 ° f enca P sulatlon method and frame type was made at the time your 
Novell IPX network servers were installed. The PortMaster IPX Frame Type parameter 
must match the frame type set for your network. Contact your Novell NetWare 
administrator for information about the frame type used on your network. 


Ethernet IPX Parameters 
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Enabling NetBIOS Broadcast Packet Propagation 


NetBIOS over IPX uses type 20 broadcast packets propagated to all networks to ge 
information about the named nodes on the network. NetBIOS uses a broadcast 
mechanism to get this information, because it does not implement a networ ayen 
Before forwarding the packets, the PortMaster performs loop detection as described by 
the IPX Router Specification available from Novell. 

Full NetBIOS protocol compliance requires that the PortMaster be set to P ro P a § ate ^d 
forward type 20 broadcast packets across your IPX network router. When the NetBIOS 
parameter is on, the PortMaster broadcasts type 20 packets. When the NetBIO 
parameter is off, the type 20 packets are not broadcast across the router. The default is 

off. 



Note - The NetBIOS parameter can only be enabled from the command line interface 

by typing: 

set NETBIOS on 
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This chapter describes the steps required to configure a PortMaster asynchronous port 

c f e tu a I! n ° t dependent ° n Whkh USer interface y° u ar e using to configure your 
system. The Administrator s Guide for your user interface describes how to set each 

option. The purpose of this chapter is to review each of the port parameters and its 
options. 


11 of the possible port parameters are described in this chapter; however, you onlv 
need to set the parameters required for the configuration you want. Specific 
configurations are described in Chapters 11 through 18. 

This chapter includes the following topics: 

• Introduction to port configuration 

• Setting ports for login users 

• Setting ports to access host devices 

• Setting ports for network dial in and dial out users 

• Setting ports for dedicated network connections 

• Setting general port parameters 

Configuring modems and setting modem parameters 


Introduction 

( A single PortMaster port can be configured for several different types of operation. For 
example, a port set for login users can also be set to access host devices; this is called 
TwoVVay operation. The port set for TwoWay operation is now available for both login 
users and users who need to access shared devices. In this configuration the port can 
be used for two purposes: one now and another one later. 

Each of the asynchronous ports is configured using port parameters that can be set 
through the PMconsole graphical user interface. An example of the asynchronous port 
configuration window is shown in Figure 6-1. The actual window you will see depends 
on the version of PMconsole you choose for configuring your PortMaster. 


Introduction 
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Figure 6-1 Asynchronous Port Window SO—X Windows GUI 
All of the available parameters are described in this chapter. 
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Setting the Asynchronous Port Type 

Chapter 3, “How PortMasters Work" describes each of the ways an asynchronous port 
the port* Sed SeCti ° n deSCrib6S 6ach ° f the s P ecific Parameters used to configure 

Setting a Port for Login Users 

Setting the Port Type parameter to User Login allows users to be authenticated using 
the internal User Table or RADIUS and then be transferred to a login session on the 
host specified for this port. The User Login Port Type can be selected with any of the 
ot er Port Type options except for Network Hardwired. For more information about 
user authentication, refer to Chapter 2, "Networking Concepts." For more information 
about setting security on ports, see "Setting Port Security" on page 6-12. 

Setting the Login Service 

Once the Port Type User Login is selected, you can set the Login Service parameter. 
The Login Service specifies how login sessions are established. Four types of Login 
Service are available as described in Table 6-1. 


Table 6-1 Types of Login Service 


Login Service 

Function 

PortMaster 

PortMaster is the default login service and can be used to 
access any host that has the PortMaster in.pmd daemon 
installed. This type of login service is preferred because it 
makes the PortMaster port operate as if it was a serial port 
attached to the host. This service is the most cost effective in 
terms of host resources. 

Rlogin 

Rlogin uses the rlogin protocol to establish a login session 
to the specified host. This login method is used on mixed 
UNIX networks where it is impractical to use the 

PortMaster login service. 

Telnet 

Telnet is supported on most TCP/IP hosts. This login 
service should be selected when the PortMaster and rlogin 
protocols are not available. 

The default port number is 23, but other ports can be 
entered. 
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Table 6-1 Types of Login Service (Continued) 


Login Service 

Function 

Netdata 

Netdata creates a virtual connection between the 

PortMaster port and another serial port on another 

PortMaster or between the PortMaster port and a host. This 
login service creates a clear channel TCP connection. To 
connect to another PortMaster port using netdata, that port 
must be configured as a Host Device with Device Service 
Netdata using the same TCP port number. The default 
netdata port is 6000; however, other ports can be used. This 
effectively allows any TCP/IP network to be used as an 
RS-232 cable, without distance limitations. However, with 
some serial communications protocols, such as FAX, there 
are potential latency issues. 


Specifying the Login Host 

The Host parameter is used to specify how the login host is determined for the selected 
port. There are three ways to determine the login host as described in Table 6-2. 


Table 6-2 Login Host Options 


Host Option 

Description 

Default 

The host used for this port is the Default or Alternate Host 
specified in the global parameters. 

Prompt 

The user is given the opportunity to enter a valid host name 
or IP address instead of the standard login prompt. 

Specified 

You set a primary and up to three alternate hosts for this 
port. This allows you to assign specific ports to specific 
hosts. 


Specifying the Terminal Type 

The Terminal Type parameter can be entered if the Port Type is set to User Login or 
TwoWay and the Login Service is set to PortMaster, rlogin, or telnet. The terminal type 
is passed as an environment variable when a connection is established with a host. The 
Terminal Type should be a valid entry on the host you are logging into. 
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Setting a Port for Access to Shared Devices 


f Devxce must be set as the Port Type for any port that you want to act as a host 
theT M ° n 3 T rkstation ‘ This configuration allows users to connect through 

hl M H 5 t0 , shared devices such as Printers or modems. The type of device 
available depends on the type of Device Service selected. 

In addition, the host device configuration only works if the Host Device parameter is 
*t to the correct value. Table 6-3 shows the options for the Device Service and Host 
Device parameters when the Port Type is set to Host Device. 


Tabic 6-3 Types of Device Service 


Device 

Service 

Host Device 
Value 

Function 

PortMaster 

/dev/tty** 
where ** is the 
specific device 
identifier 

PortMaster is the default device service. This 
type of device service is preferred because it 
makes the PortMaster port operate as if it was a 
serial port physically attached to a UNIX host 
such as a printer or modem. However, the 
PortMaster in. pmd daemon must be installed on 
the host for this device service to be used. 

Rlogin 

/ dev/ network 

A host can use the UNIX rlogin command to 
establish a connection to the port. Once the 
rlogin session is established, the host application 
c<in read and write data directly to the serial 
port. If multiple ports on the PortMaster are 
configured to use this service, a pool of ports is 
created. 

Telnet 

/ dev/ network 

Telnet is supported on most TCP/IP hosts. This 
service should be selected in mixed hardware 
and operating system networks. Once the telnet 
session is established, the host application can 
read and write data to the port. 

The default TCP port number is 23, but other 
ports can be entered. If multiple ports on the 
PortMaster are configured to use this device 
service at the same TCP port, a pool of ports is 
created. 
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Table 6-3 Types of Device Service (Continued) 


Host Device 

Value Function_ __ _ 

/dev/network Netdata allows a clear channel TCP or SPX 
connection from a network host to the 
PortMaster port. This device service is used with 
customized applications that use a socket 
interface and need a direct data link to a serial 
device. The advantage of this configuration is 
that no option or protocol negotiation is required 
to establish the session. The host application can 
begin reading and writing data to the PortMaster 
immediately. 

The default netdata port is 6000; however, other 
ports can be used. If multiple ports on the 
PortMaster are configured to use this device 
service at the same TCP or SPX port, a pool of 
ports is created. __ 


Setting Override Parameters 

If the Port Type parameter is set to Host Device, you can specify that the host device 
can override certain port parameters. The override parameters are Baud Rate, Parity, 
Databits, and Flow Control. These parameters can be changed by the host using an 
ioctl () system call. All overrides are turned off by default. If you want to allow a 
host to override a parameter, turn override for the parameter on. 

Setting Two Way Port Type 

If the Port Type parameter is set to Two Way, the port operates in both User Login and 
Host Device modes. User Login mode is used if carrier is detected on pin 8 of the 
RS-232 connector (DCD). Otherwise, the port can be accessed as a host device on the 
computer. This configuration allows network users access to PortMaster modems on an 
as-needed basis. 

The Host Device parameter must be set according to the Device Service selected as 
described in Table 6-1. In this configuration, the Login Service must also be specifie . 


Device 

Service 

Netdata 
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etting a Port for Network Use 


Any port where you want to allow network dial-in or dial-out access must have its 
Port Type set to Network. Network makes the port available for connections to and 
rom remote sites using modems and the Serial Line Internet Protocol (SLIP) or the 
oint-to-Point Protocol (PPP). Once you have selected the Port Type as Network, you 
must specify one of four Network Types as described in Table 6-4. 

Table 6-4 Network Types 


Type 

Description 

Hardwired 

This network type allows you to establish a dedicated 
network connection between two sites without modem 
dialing or authentication. In this mode the port 
immediately begins running the specified protocol. If 
the port is set for Hardwired it cannot be used for any 
other purpose. Hardwired connections are discussed in 
more detail in "Setting a Port for a Dedicated 

Connection" on page 6-8. 

Dial In 

This network type allows the port to accept dial-in 
network connections only. The dial-in user is required 
to enter a user name and password before the 
connection is established. Authorized users are 
managed through the User Table described in 

Chapter 8, Configuring Dial-In Users" or using 

RADIUS. 


PPP users wishing to authenticate with PAP or CHAP 
can start sending PPP packets. When the packets are 
received the PortMaster autodetects PPP and requests 

PAP or CHAP authentication. Refer to "PAP and CHAP 
Authentication" on page 3-15. 

Dial Out 

This network type allows dial out to establish 
connections with remote locations. Dial-out network 
destinations are managed through the Location Table 
described in Chapter 9, "Configuring Dial-Out 

Locations." 

Dial In & Out 

This network type allows the port to accept dial-in users 
and use dial-out locations. 
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Setting Dial Group 

The Dial Group parameter is used to assign ports to modem pools for use by dial-out 
locations. A group number is assigned to each location in the Location Table .for 
example, you create a dial-out location called "home" and specify that the Dial Group 
for "home" is 2. When you configure each port, you may assign the port to a dia 
group. Any idle port in Dial Group 2 can be used to dial the destination home, other 
ports can not. In order for modem pools to work, each port must be assigned to a Dial 
Group and each destination must specify a Dial Group. Valid dial groups are 
numbered 0 to 99. The default dial group is 0 (zero). 


Setting a Port for a Dedicated Connection 


A port can be configured for a dedicated network connection by setting the Port Type 
parameter to Network and the Network Type to Hardwired. If the port is hardwired, it 
can not perform any of the other port functions described in this chapter. 


When the Network Type is set to Hardwired, the port configuration window is 
changed to include parameters that must be set only on hardwired ports. These 
parameters are described in the following subsections and only apply to network 
hardwired ports. 


Setting the Protocol 

The network protocol for the hardwired port can be set for PPP packet encapsulation 
or SLIP encapsulation as described in Chapter 3, "How PortMasters Work. you 
want to use the Point-to-Point Protocol you have your choice of the following options: 

• PPP with IP packet routing 

• PPP with IPX packet routing 

• PPP with both IP and IPX packet routing 

You should select a protocol that is compatible with the rest of your network 
configuration. 


Setting the Maximum Transmission Unit (MTU) 

The Maximum Transmission Unit or MTU defines the largest frame or packet that can 
be sent through this port. If a packet exceeds the specified MTU it is.automatically 
fragmented if IP or discarded if IPX. PPP connections can have an MTU set from 100- 
1500 octets. SLIP connections can have an MTU set from 100-1006 octets. The remote 
host can negotiate smaller MTUs if necessary. 
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Setting the Destination IP Address 

The IP address or host name of the machine on the other end of the hardwired 
connection must be entered for the IP Destination parameter. 

For PPP, the IP Destination parameter can be set to Negotiated. This allows the 
PortMaster to learn the IP address of the system on the other end of the connectioi 
using PPP IPCP address negotiation. 

Setting the Destination Netmask 

The Netmask parameter defines the netmask of the system on the other end of the 


hardwired connection. 


Setting the IPX Network Number 

IPX traffic can be passed through a port if you assign an IPX network number to the 
hardwired network connection. The IPX Network parameter is the IPX network for the 
connection and must be a unique IPX network number not used anywhere else on vour 

nptwnrV J ■> 


IPX routing differs from IP in that the serial link itself must have a network, as shown 
in Figure 6-2. In IP routing, the serial link can have a network or be unnumbered, 

which is more common. In this case, the device at each end of the link uses its Ethernet 
IP address for its end of the serial link. 


IPX 

Network 3 


PortMaster 


PortMaster 


IPX Networkl 


IPX Network 2 


Figure 6-2 IPX Network Address Requirements 
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Enabling Routing 

As described in Chapter 2, "Networking Concepts/' PortMaster products automatically 
send and accept route information as part of RIP messages if routing is turned on. 
you select Broadcast for the Routing parameter, routing packets are sent to the system 
at the other end of the hardwired connection. When Listen is selected, the PortMas er 
accepts routing packets from the device connected to the hardwired port Both options 
can be selected at the same time to enable the sending and acceptance of routing 
information. If neither option is selected, RIP is turned off and the PortMaster ignores 
all route messages received on the interface. 


Setting TCP Header Compression 

Compression of TCP/IP headers can increase the performance of interactive TCP 
sessions over asynchronous lines. Livingston implements Van Jacobson TCP/IP header 
compression. 

Compression should not be used with multi-line load-balancing, but may be used with 
multi-link PPP. 

Compression must be enabled on both ends of the connection if you are using SLIP. 
With SLIP, TCP packets are not passed if only one side of the connection has 
compression enabled. For PPP connections, the PortMaster supports both bidirectional 
and unidirectional compression. Refer to RFC 1144 for more information about header 
compression. 

Setting the PPP Async Map 

The PPP protocol supports the escaping of nonprinting ASCII characters found in the 
datastream. Escaping means that specified characters are not sent through the 
connection but are instead replaced by a special set of characters. These specia 
characters are interpreted by the remote system as the original character. The PPP 
Async Map is a bitmap of characters that should be escaped. The default PPP Async 
Map is 00000000. If the remote host requires a PPP async map, the PortMaster accepts 
the request for the map. 


Setting Input and Output Filters 

Input and output packet filters can be attached to a network hardwired port. Filters 
allow you to monitor and restrict network traffic. If an input filter is attached, all 
packets received from the interface are evaluated against the rule set for the attached 
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Ir l n/ attached, packets going to the interface are evaluated against the rule 
set in the filter and only packets permitted by the filter are sent to the interface For 
more information about filters, see Chapter 10, "Configuring Filters." 

Setting General Port Parameters 

The general port parameters are set for every asynchronous port regardless of the port 
type and configuration you have selected. P 

Displaying Extended Port Information 

The PortMaster can display port information in brief or extended modes. The extended 
mode provides more information than the brief mode. To display all of the information 
available, set the Extended parameter on. In some versions of PMconsole the Extended 
parameter is on all the time. 


Setting the Login Prompt 


Ic^T T an u CUSt0miZe the l0gin pr ° mpt dis P la y ed to users on a per port basis. Any valid 
ASCII characters can be used. If the string "$hostname" is included in the login 

prompt, the host name set for this port is substituted for the string. "$hostname login:" 

is the default Login Prompt. Double quotes and control characters may not be used 
inside the login prompt. 


Setting the Login Message 

The PortMaster allows you to specify a message for each port, up to 240 characters 
long, that is displayed to the user prior to login. To insert a new line use a caret (A). Do 
not include double quotes within the message. 

Setting an Optional Access Pilter 

An access filter can provide additional login security. To enable access security, the 
Access Filter parameter must be defined as described in Chapter 10, "Configuring 
Filters." Access filters work as follows: 6 

• The user specifies a host 

• The host address is compared against the access filter 

If the address is permitted by the filter, the connection is established 
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• If the address is not permitted, the connection is denied unless Access Override is 
enabled 

The Access Override parameter is used as follows if access is denied. 

• Access is denied by the access filter 

• The user is prompted for a username and password 

• The user is verified by the User Table or RADIUS 

• The access filter defined for this user is used to determine if the user has 
permission to access the specified host 

Setting Port Security 

Port Security requires that each username be found in the User Table or in the RADIUS 
database. If Port Security is enabled, each user that logs in must have their username 
verified before they are allowed to connect to the specified host. 

If Security is turned off, any user not found in the User Table is passed through to the 
host for authentication. If you are using RADIUS authentication. Security must be on. 

Allowing Users to Connect Directly to a Host 

The Autolog parameter allows users to be connected with the specified host without 
seeing the login prompt. The Autolog parameter is automatically substituted for the 
login prompt response and the host session is started. 

Setting a Port as the Console 

The console parameter allows you to set any asynchronous port to be the console for 
administrative functions. If you use the save console command, the port remains 
the console even after the current session is ended. 

Setting the Port Idle Time 

The Idle Timeout parameter specifies how long the PortMaster should wait with no 
input or output activity before it resets the port. Versions of the ComOS prior to and 
including version 3.0.3 only monitor input activity. 

This parameter is defined in minutes and can be set from 0 to 240 minutes. To disable 
the idle timer, set the Idle Timeout parameter to 0. If the idle time is set to 1, the login, 
password, and host prompts time out in 5 minutes but users already logged in are not 
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affected. If the idle time is set to 2 or higher, the login password and host prompts time 
. minutes. Once the user is logged m, the timeout value is used to determine the 

idle time allowed RIP, SAP, and keepalive packets are not considered traffic for the 
purpose of the idle timer. 


Configuring Modems and Modem Parameters 


Modems are connected to PortMasters using an RS-232 cable. The PortMaster is a DTE 
device so a straight through cable is used to connect modems. The RS-232 input and 
output signals and pins are shown in Table 6-5. Straight-through cables used with 
modems use pins 2, 3, 4, 5, 6, 7, 8, and 20. 

A null-modem cable is used to connect a terminal (DTE) to a console port. A null- 
modem cable crosses pins 2 and 3, and 4 and 5, pin 7 is straight-through, and pins 6 
and 8 are connected to pin 20. y 


Table 6-5 

Modem Cable Pinout 


Pin Number Description 

Direction 

2 

Transmit Data (TXD) 

Output 

3 

Receive Data (RCD) 

Input 

4 

Request to Send (RTS) 

Output 

5 

Clear to Send (CTS) 

Input 

6 

Data Set Ready (DSR) 

Input 

7 

Signal Ground 

8 

Data Carrier Detect (DCD) 

Input 

20 

Data Terminal Ready (DTR) 

Output 



Note - If you do not use hardware flow control (RTS/CTS) you do not need pins 4 and 
• you do not use modem control, you do not need pins 6, 8, and 20. Both RTS/CTS 
and modem control are strongly recommended for PPP and SLIP use. 
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Dial-up modems that operate over normal telephone lines at speeds of 28,800 bits per 
second"or higher are now available. These modems do not operate at a guaranteed 
throughput, but rather at a speed dependent on the quality of the line, the effectiveness 
of data compression, and other variables. These modems use hardware flow control 
stop the data from the host by raising and lowering the CTS signal. 


PortMasters support hardware flow control using the RTS output signal and the CTS 
input signal, which is also used by the normal modem handshake. 


Modems should be configured to do the following: 

• Raise DCD when a call comes in 

• Reset itself when DTR is dropped 

• Lock the DTE speed 

• Use hardware flow control (RTS/CTS) 


Automatic Modem Configuration 

PortMasters contain a user configurable modem table that describes most common 
modems, their preferred speed, and initialization string. The modem table is used to 
automate the modem configuration process. Once you specify the name of the modem 
and the attached port, the PortMaster automatically configures the modem for you 
provided the modem is in the factory default state when it is initialized. 

For ports that have never been configured, the PortMaster automatically sets the port 
for hardware flow control, the correct speed, and modem control when the port is 
after a modem type is specified. 

Example modem table entries are shown in Table 6-6. 


To view your modem table, type: 


Command> show table modem 


Table 6-6 Example Modem Table Entries 


Modem Name 
(Short) 

Modem Name (Long) 

DTE 

Rate 

Initialization String 

acura-v32 

hayes 

Hayes Acura V.32bis 
Hayes Compatible 

38400 

38400 

AT&F&C1&D3&K3&Q5E0Q1S0=1&W 

AT&F&Cl&D3&k3&Q5X0E0S0=l&W 
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Table 6-6 Example Modem Table Entries (Continued) 


Modem Name 

DTE 


(Short) 

Modem Name (Long) Rate 

Initialization String 

p-optima-v32 

Hayes Optima 
V.32bis PCMCIA 

115200 

AT&F&C1&D3S0=1&W&W1 

p-optima-v34 

Hayes Optima V.34 
PCMCIA 

115200 

AT&F&C1 &D3&K3&Q5E0Q1 S0=1 & W 

intell44e 

Intel 144e V.32bis 

38400 

AT&FE0Q1 &C 1S21 =56 \ XIS0=1S7=30S11=50&W 

p-intel-v32 

Intel V.32bis 
PCMCIA 

115200 

AT&F&D3S0=1&W&W1 

mtl432ba 

MultiTech 

MT1432BA 

38400 

AT&F&D3&W0 

mt224 

MultiTech MT224 

38400 

AT&F$SB38400$R1E0Q1 V1 & W0 

p-multi-v34 

MultiTech 

MT2834LT V.34 
PCMCIA 

115200 

AT&F&E1 &E4&C1 &D3&R1$SB115200S0=1 & W 

p-ppi-v34 

PPI ProClass V.34 
PCMCIA 

115200 

AT&F&C1&D3&K3S0=1&W&W1 

ppi-v32 

Practical Peripherals 
SX/SA V.32bis 

38400 

AT&FE0S0=1Q1&C1&D2&W 

p-premax-v32 

Premax V.32bis 
PCMCIA 

115200 

AT&F&D3S0=1&W&W1 

usr-v32 

USR Courier/ 
Sportster V.32bis 

57600 

AT&F1S0=1&W 

p-usr-v32 

USR Courier/ 
Sportster V.32bis 
PCMCIA 

57600 

AT&F1S0=1&W 

usr-v34 

USR Courier/ 
Sportster V.34 

115200 

AT&F1S0=1&W 

p-usr-v34 

USR Courier/ 
Sportster V.34 
PCMCIA 

115200 

AT&F1S0=1&W 

---- 1 
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Modems can be added to the modem table by typing: 


Commands add modem name_short "name_long" speed "init_string" 


For example, to add a USRobotics modem to the modem table, type: 


Coinmand> add modem usr 


-v34 "USRobotics V.34" 115200 »AT&FlSO=l&W\r*OK" 


To automatically configure and attach a modem to a port, type. 


Command> set port# modem name_short 

Modem type for port# changed from modem_name to name_short 
Command> reset port # 

This command configures the modem attached to the port specified. For example: 


Command> set si modem usr-v34 

Modem type for si changed from to usr-v34 
Command> reset si 


To configure all of the ports for the same modem type, use all instead of port# in the 
previous example. After the modem is attached to the port, set the other modem 
configuration parameters described in "Configuring Modem Parameters on page 6-16. 

To configure the modem not to answer when users dial-in set S0=0 in the initialization 
string To avoid writing the initialization to the NVRAM in the modem each time the 
port is reset, leave off the &W at the end of the initialization string. 


Configuring Modem Parameters 

The modem parameters described in this subsection are 
match the configuration on the attached modem. 


set for each port and should 
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Setting the Port Speed 

Th e speed of a port is defined as the baud rate. The PortMaster allows you to specify 
three different baud rates for each port and one baud rate for host device ports^orf 
speeds are sequentially matched from the first baud rate through the thh/baud rate. 

For exampie, when a connection with this port is established, the PortMaster uses the 

irst baud rate value to try to synchronize the connection speed. If no synchronization 

15 rt l r 3Ster tries to synchronize speeds using the second baud rate 

Inn U i!' ^ h i S i ailS ' the third baud rate Value is used ‘ Each of the speeds can be set from 
300 bps to 115200 bps. The default speed is 9600 bps. 

Modem modems and terminals should always be set to run at a fixed rate. To define a 
fixed rate, lock the DTE rate by setting all three baud rate fields to the same value. 

Setting Modem Control 

The Modem Control parameter should be set on if you want to make use of the DCD 
signal for modem connections. When Modem Control is on, the PortMaster uses the 
condition of the carrier detect line to determine whether or not the line is in use. 
Modem control must be on for PortMaster outbound traffic. If modem control is off the 
PortMaster assumes the carrier detect line is always high. As a result, the PortMaster 
cannot attach to the modem for outbound traffic because it sees the line as busy. 

Setting Parity 

The Parity parameter must be set to match the parity on the attached device. The 
parity default value is none and must be used for ports configured for network dial in 
or dial out operation. Table 6-7 describes each of the parity options. 

Table 6-7 Parity Parameter Options 


Option 

Description 

None 

Assumes 8 databits, 1 stop bit, and no parity bit. 

Even 

Assumes 7 databits, 1 stop bit, and even parity. 

Odd 

Assumes 7 databits, 1 stop bit, and odd parity. 

Strip 

Assumes 8 databits, 1 stop bit and the parity bit is 
stripped from the datastream when it is received by the 
PortMaster. 
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Setting the Flow Control 

The PortMaster supports either software flow control or hardware flow control. 
Software flow control uses the ASCII control characters DC1 and DC3 to communicate 
with the attached device and start and stop the flow of data. Software flow control 
set by selecting the Xon/Xoff option for the Flow Control parameter. 

Hardware flow control allows the PortMaster to receive data from the attached device 
by raising the Request to Send (RTS) signal on pin 4 of the RS-232 connector. The 
PortMaster only sends information to the attached device when the Clear to Send 
(CTS) modem line on pin 5 of the RS-232 connector is raised. Hardware flow control is 
set by selecting the RTS/CTS option for the Flow Control parameter. 



Note - Always use hardware flow control if it is available. Do not use both hardware 
and software flow control on the same port. 


Hanging Up a Line 

The Line Hangup parameter specifies whether or not the DTR signal should be 
dropped and the modem hung up after a session is terminated. If Line Hangup is 
enabled and the session is terminated, DTR is held low signalling the modem to 
disconnect. If Line Hangup is disabled, the DTR signal does not drop and the user 

session terminates. 



Note - Resetting the port administratively always drops DTR. 


DTR Idle 


The DTR Idle parameter is used when you want to connect a PortMaster to a BBS or 
other host allowing bidirectional communications. This parameter changes the 
behavior of the port to better accommodate connecting the PortMaster to BBS systems 
or other legacy hosts that do not support TCP/IP but do have serial ports. 


This type of connection requires that you connect a null modem cable to the 
PortMaster port and to your host. For more information about null modem cables, 
refer to your Hardware Installation Guide. 
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KR ,"o ™; E POrtMaS,er “*■ Some PCs may require DSR high, but do no, tie 


The OTR Idle parameter can only be set using the command line interface. Use the 
following commands to configure this feature on port SI. 


Command> set telnet 24 

Command> set si dtr_idle off 

Coiranand> set si modem on 

Command> set si twoway /dev/network 

Command> set si service_device telnet 

Command> reset si 

Command> save all 


Changes your telnet administration port. This is not necessary if 
you set the SI port service_device telnet to some port other than 23. Table 6-8 describes 
the port transitions resulting from this configuration. 

Table 6-8 DTR_Idle Transitions 


Transitions 


Explanation 


No DTR from BBS 


DTR asserted by BBS 


Telnet session begins 

User drops telnet session 
from the network side 


BBS drops the user by 
deasserting DTR for 100 msec 
or longer 


* SI IDLE 

* PortMaster refuses telnet 

* SI IDLE 

- DTR from PortMaster is deasserted 
’ PortMaster accepts telnet for SI at TCP port 23 

1 SI changes to ESTABLISHED 
DTR from PortMaster is asserted 

SI changes to IDLE 

PortMaster resets the port, dropping DTR 
BBS loses Carrier Detect, terminates user 
(BBS can now either drop DTR or not) 

SI changes to IDLE 

Telnet session is closed by the PortMaster 
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7 


T hlS C T J a J ter . d ®f A C r r A ibes the ste P s re q uir ed to configure a PortMaster synchronous Wide 
Area Network (WAN) port. These steps ate not dependent on which user iXTce yl 

H T 8 1° Conflgure your system Th ‘‘ Administrator's Guide for your user interface 
describes how to set each option. The purpose of this chapter is to review elch of he 
port parameters and its options. 

AH of ihe possible port parameters are described in this chapter; however, you only 
need to set the parameters required for the configuration you want. Specific 7 
synchronous port configurations are described in Chapters 15 through 18. 

This chapter includes the following topics: 

Introduction to WAN port configuration options 
Description of leased line connections 
Description of Frame Relay connections 
Description of ISDN and switched 56Kbps line connections 
• Setting general port parameters 


Introduction to WAN Port Configurations 


Synchronous WAN ports are usually used for high-speed dedicated connections 
between two remote local area networks (LAN). Once a connection is established 
between two remote sites, a wide area network (WAN) is achieved. Synchronous WAN 
connections can be achieved using dedicated leased lines. Frame Relay connections 

2^048 Mb m ' °L ISDN lineS ' Connections can be thieved from 9600 bps to ' 
synches ports ^ ° f *** COnnection *ypes using one or more 

All of the WAN port connections are similar and are represented in Figure 7-1. For 

most applications a dedicated line connects two PortMaster routers, each located on a 
separate remote network. 
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Figure 7-1 Synchronous WAN Connection 

Once you have determined the type of synchronous connection to use between your 
remote locations, the synchronous port on each end of the connection must be 
configured. An example of the synchronous port configuration window from 
PMconsole for X Windows is shown in Figure 7-2. The actual window you see depen s 
on the version of PMconsole used. You can also configure the port using the comman 

line interface. 
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© 


Edit Window - Port SI 


Port Type: | Network | 
DialnetType: [Hardwired | Dial In" 


Transport Protocol: | PPP | Frame Relay 

Port IP Address: | Un-numbered | Specified 


Dial Out 


Dial In&Out 


IP Destination: Negotiated | Specified 


Netmask: 


IPX Network: 00000Q0Q 
Line Speed: (V| 5G000 


Modem Control: on | off 

Routing: | Broadcast | 


Listen 


Compression: Enabled | Disabled | 

Input Filter: [v)_ 

Output Filter: Q _ 


(Apply) (Save) ( Remote Reset) (Default) (cl^i) (p^ne) 

Figure 7-2 Synchronous Port Window SI—X Windows GUI 
All of the available parameters are described in this chapter. 

Leased Line Connections 

Leased line connections use leased or dedicated lines to establish a permanent 
connection between two routers. Once the connection is established it remains 
available on a continuous basis whether there is network traffic between the two 

ifoni^ I tr d lineS ? rOV i de dedicaled high-speed connections but often run 

at only 5 to 20 /o of their capacity during non-peak hours. Leased line connections 
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require a Digital Service Unit/Channel Service Unit (DSU/CSU) connected between 
the router and the dedicated line. The DSU/CSU takes digital data in the format used 
by the router and translates it into the digital format used by the leased line. 

PortMaster synchronous ports support leased-line connections from 9600 bps to T1 
(1 544Mbps) or El (2.048Mbps) speeds. Synchronous ports used for leased line 
connections .re configured for PPP operation and can have input and output ftl.ers for 
network security. 

For more information about configuring the PortMaster for leased line connections, 
refer to Chapter 15, "Synchronous Leased Line Connections. 

Frame Relay Connections 

Frame Relay can provide low-cost high-speed WAN connectivity. Frame Relay is a 
packet-based interface standard for the transport of protocol-oriented data. Frame 
Relav uses the traditional silence between transmissions by encapsulating P rotoco1 " 
oriented data in discrete units of information (generic packets) and transmitting them 
across statistically multiplexed paths as bandwidth becomes available, thereby 
effectively transmitting more data over a given bandwidth. 

The statistically multiplexed paths are called virtual circuits. Frame Relay does not 
allocate bandwidth to a given path until actual data needs to be transmitted. Asa 
result, the bandwidth within the network is dynamically allocated on a packet-by¬ 
packet basis. During peak load periods. Frame Relay devices can buffer or store the 

data for later transmission. 

Frame Relay also reduces much of the protocol processing currently performed by 
networks thereby reducing much of the transmission latency attributed to protocol 
processing. Instead, the endpoint devices, PC's and workstations, take on e 
responsibility for guaranteeing the error-free end-to-end transfer of fram ^ S , 6 
protocol processing is now left to higher layers inherent in the transported data. Frame 
Relay allows the communication bandwidth to be shared among multiple users 
creating bandwidth allocation on demand. In a properly configured Frame Relay 
environment, the incidence of errors or lost packets is extremely low even though the 
assurance of reliable communication is left to higher layer protocols. 

Each frame contains header information that is used to determine the routing of the 
data to the specified destination, as well as a Data Link Channel Identifier (DLC ), 
which defines the conversation that owns the frame. As a result, each endpoint can 
communicate with multiple destinations via a single access link to the network. Frame 
Relay traffic receives full bandwidth for short transaction bursts, instead of fixed 
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amounts of dedicated bandwidth. In other words, a single Frame Relay interface can 
ontam many individual conversations, each with its own DLCI, and each using as 
much bandwidth as is available at a given time. ° 

Before ordering your Frame Relay circuit or network from your telecommunications 
provider, there are several terms that should be clearly understood because the way 
that Frame Relay does statistical multiplexing can be confusing. Many Frame Relay 

terms are defined briefly in the glossary. A more detailed description can be faundin 
Frame Relay Terms" on page 16-1. 

“ d f ined by tbe DLCI and can be either permanent (PVC) or switched 
fV^' established by a user who specifies the destination. PVCs and SVCs are defined 
by their endpoints. The actual path between the two endpoints may vary from time to 
time and is determined by the network administrator or service provider. The Frame 
Relay implementation on PortMasters support PVCs but not SVCs 

Special management frames with unique DLCIs are passed between the network and 
the Frame Relay devices. These frames are used to monitor the link status and pass 
information about the status of PVCs and DLCIs. These frames are defined as the Local 

virtual drcuits 11 ^^ 306 ^ ^ t0 pr ° vide informati °n about the permanent 

PortMasters support Frame Relay on synchronous lines as described in RFC 1490. If 
y<X ! a rei configuring your system for Frame Relay, additional information about DLCIs 
and LMI must be provided at configuration time. The Frame Relay specific parameters 
are described in "Frame Relay Parameters" on page 7-11 and in Chapter 16, 
Synchronous Frame Relay Connections." 

You can find more information about Frame Relay by accessing the Frame Relay Forum 
home page on the world-wide web at http: //frame-relay. Indiana. edu/. 


Switched 56K and V.25bis Dialing Connections 


PortMasters support dial on-demand switched 56K connections using synchronous 
ports and the PPP protocol. Switched 56K connections require an external CSU/DSU 
and can be initiated on an as-needed basis or they can remain active all the time A 
dia -out location must be specified in the Location Table for dial-out connections and a 
dial-m user must be specified in the User Table for dial-in connections. 

p A ^7 C h APi s avaiiable for dial-in authentication when a router dials into your 
PortMaster. CHAP is available for dial-out authentication. 7 
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ISDN Connections 


PortMasters support Integrated Services Digital Network (ISDN) connections on 
synchronous ports. Like leased lines, ISDN lines are provided by the local tekphone 
company and can provide speeds of 64Kbps on each B-channel, which can bethree 
times faster than a traditional connection using a modem and an ordinary telep 
line. 

ISDN lines can be configured for Basic Rate Interface (BRI), which provides two 
B-channels used for voice or data and one D-channel used for signaling. ISDN lines can 
also be configured for Primary Rate Interface (PRI), which provides 23 B-channels and 

one D-channel. 


ISDN is most commonly used to provide low-cost connectivity between sites that 
cannot justify the cost of a dedicated high-speed leased line. However, ISDN 
connections provide more bandwidth than asynchronous dial-up connections can, as 
well as quicker call completion (approximately 1 second instead of 45 seconds). 

PortMasters require an external terminal adapter (TA) to connect from the PortMaster 
synchronous port to the ISDN link. For TAs that do not have auto-dial or for 
administrators who want to manually connect with the TA, PortMasters support 
V 25bis dialing. The dial script is configured as a destination in the Location Ta e 
described in Chapter 9, "Configuring Dial-Out Locations." For more mformation about 
configuring the PortMaster for ISDN with an external terminal adapter and V.25bis 
dialing, refer to Chapter 17, "Synchronous V.25bis Dial-Up Connections." 


PortMasters are also available with a built-in BRI port with integrated NT1, providing 
a U interface for ISDN connectivity. The BRI ports do not require an external terminal 
adapter. For more information about configuring the PortMaster for ISDN connections, 
refer to Chapter 18, "ISDN Connections." The U interface works in the USA and other 
countries that follow US telephone standards. 


Setting WAN Port Parameters 

The WAN port parameters described in this section are set for every synchronous port 
regardless of the connection type and configuration you have seiected. However, t e 
Network Type parameter determines which other parameters should be set. 
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Displaying Extended Port Information 


ThePorlMaster can display port information in brief or extended modes. The extended 
^IabllTi?dTp 1 ! ln ' or , mation than ,he brief m °<te- To display all of the information 
Extended jSplay mSf 0 " S ° me VeK ‘° n ° f PM “’" S * ^ the 


Port Type 

The Port Type parameter is always set to Network for synchronous ports. 

Setting the Network Type 

You must specify one of four Network Types as described in Table 7-1. 


Table 7-1 Network Types 


Type 

Description 

Hardwired 

This network type allows you to establish a dedicated 
network connection between two sites without modem 
dialing or authentication. In this mode the port 
immediately begins running the specified protocol. If 
the port is set for Hardwired it cannot be used for any 
other purpose. A hardwired connection must be used 
for a leased line or Frame Relay connection. 

Dial In 

This network type allows the port to accept dial-in 
network connections, for use with switched 56K or 

ISDN connections. The dial-in user is required to enter a 
user name and password before the connection is 
established. Authorized users are managed through the 
User Table described in Chapter 8, "Configuring Dial-In 
Users" or using RADIUS. 

PPP users wishing to authenticate with PAP or CHAP 
can start sending PPP packets. When the packets are 
received the PortMaster autodetects PPP and requests 

PAP or CHAP authentication. Refer to "PAP and CHAP 
Authentication" on page 3-15. 
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Table 7-1 Network Types (Continued) 


Type 

Description _ 

Dial Out 

This network type allows dial out to establish 
connections with remote locations. Dial-out network 
destinations are managed through the Location Table 
described in Chapter 9, "Configuring Dial-Out 

Locations." This network type can be used for ISDN 
and switched 56K connections. 

Dial In & Out (TwoWay) 

This network type allows the port to accept dial-in users 
and use dial-out locations. This network type can be 
used for ISDN and switched 56K connections. 


Setting the Transport Protocol 


The transport protocol for synchronous connections can be set to PPP for leased line, 
switched 56K, and ISDN connections, or to Frame Relay for a Frame Relay connection. 
If Frame Relay is selected, additional Frame Relay specific parameters are displayed. 
The Frame Relay specific parameters are described in "Frame Relay Parameters on 

page 7-11. 


Setting the Port IP Address 


The Port IP Address parameter can be set to Unnumbered or Specified. If Specified is 
selected, an IP address for the port must be entered. The Unnumbered option is used if 
you have selected the PPP protocol for leased line or ISDN connections. This option 
prevents the assignment of an IP address directly to the port; instead the Ethernet 
address of the router is assigned to the port. Fewer networks or subnets are needed as 

a result. 


The Specified option must be used if you are using Frame Relay on this port and is 
optional for leased lines. Be sure to enter the IP address of the synchronous port when 

this option is used. 


Setting the Destination IP Address 

The destination IP address or host name of the machine on the other end of the 
connection is used for leased line connections only. The IP Destination parameter can 
also be set to Negotiated. This allows the PortMaster to learn the IP address of the 
system on the other end of the connection using PPP IPCP address negotiation. 
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me user lable or RADIUS for dial-m, or in the Location Table for dial-out. 

Setting the Netmask 

Netmasks are used to divide networks into subnets as described in Chapter 2 

netm^L* 1118 C ° nCepts/ ' The default netmas k is 255.255.255.0. If you use a different 

addist ° n Y T T7u ' ent6r the SUbnet m3Sk that describes b ow your network 
dresses are divided between the network portion and the host portion This 

parameter is set for leased line or Frame Relay connections. ? 

Setting the IPX Network Number 

The IPX Network or IPXNet parameter is the IPX network of the serial link The IPX 
nehv°r k of the interface is entered in HEX format, described in Chapter ” 
Networking Concepts." This parameter is set only for leased line connections. 

Setting the Port Speed 

Although you can select a speed between 9600 and El, the actual line speed is set by 

The On 1 'i °u the t V1Ce t0 Whkh the PortMaster ^ connected or by the carrier 
The line speed can be set for reference, but the value is a comment only. 

Setting Modem Control 

The Modem Control parameter defaults to off for synchronous connections With 
modem control se, off, the PortMaster assumes the carrier detect line il aL" high. 

Tlus parameter should be set on only if you want to make use of the DCD sienal from 
he attached device. When Modem Control is on, the PortMaster uses *e condhlon S 
the carrier detect line to determine whether or not the line is in use. 

m^ed'onT/thi CSU/DSIr' ” Frame ^ COnnKHoM b “« 

netwnrt H f i h CSkJ/ , DSU 18 “figured accordingly. This parameter is usually on for 
network dial-in or dial-out configurations. ^ 
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Enabling Routing 


As described in Chapter 2, "Networking Concepts," PortMaster products automatically 
send and accept route information as part of RIP messages if routing is turne 
you select Broadcast for the Routing parameter, routing packets are sent to the system 
It the other end of the WAN connection. When Listen is selected, the PortMaster 
accepts routing packets from the WAN port. Both options can be selected at the same 
time to enable the sending and acceptance of RIP information. If neither option is 
selected, RIP is turned off and the PortMaster ignores all route messages received o 

the interface. 

The Routing parameter is only set on the port for network hardwired connections such 
as leased line or Frame Relay. Routing is set in the User Table for dral-rn connectrons 
and in the Location Table for dial-out connections. 


Setting TCP Header Compression 


Van Jacobson TCP/IP header compression improves performance on async ronou 
line but degrades performance on high-speed synchronous lines. Therefore, 
compression should be turned off on synchronous ports. 


Setting Input and Output Filters 


7-10 


Input and output packet filters can be attached to a synchronous port for leased lines 
orFrame Relay. Filters allow you to monitor and restrict network traffic. If anmput 
filter is attached, all packets received from the interface are evaluated against the rule 
set for the attached filter. Only packets permitted by the filter are passed throug 
PortMaster. If an output filter is attached, packets going to the interface are evaluate 
aSnst the rule set in the filter and only packets permitted by the filter are sent out of 
the interface. For more information about filters, see Chapter 10, "Configuring Filters. 

Set filters in the User Table or RADIUS for dial-in connections and in the Location 
Table for dial-out connections. 

Setting Dial Group 

The Dial Group parameter is used to assign synchronous ports to modem pools for use 
by V.25bis dial out locations. A group number is assigned to each location in * e 
Location Table. For example, you create a dial-out location called home a p y 
that the Dial Group for "home" is 2. When you configure each V.25bis synchronous 
port you may assign the port to a dial group. Any idle port in Dial Group 2 can be 
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work 1 h ! T i0n “ h ° me/ ' other P° rts not. In order for modem pools to 

Dkl Grout P Va r i^d St l t0 3 ^ Gr ° UP 3nd 6ach des «nation must specify a 

oup. Valid dial groups are numbered 0 to 99. The default dial group is 0 (zero). 

Frame Relay Parameters 

The following WAN port parameters apply only to Frame Relay interfaces. 

Automatically Learning the DLCI List 

Tmlf MI ?r a Cnf 6r SpedfieS Whether ° r not the ^Master accepts Local Management 
Interface (LhO) frames from the attached Frame Relay switch. If LMI is enable/on the 

of 10 s' the PortMasterPMI Parameter should be enabled. The default keepalive value 
of 10 seconds is inserted automatically. Enabling LMI causes the DLCI listto be 

sethnl the Sr? ^ LMI parameter on the PortMaster can be enabled by 
settmg the LMI keepalive timer. If the switch uses a different keepalive timer interval 

attached p ef VT SUre th ? keepaliVe timer on the Por tMaster matches that of the 
attached Frame Relay switch. 

The PortMaster also accepts Annex-D keepalives. Currently Annex-D keepalives can 

Frame Retav USm § the command line interface only not PMconsole. Contact your 
Frame Relay carrier to determine which keepalive they are using, LMI or Annex-D- 
both may be referred to as LMI. 6 nex u ' 


Listing DLCI's for Frame Relay Access 


a , LrdI °"f™ eX ' D 18 not used ' y° u must enter the DLCI list manually. The DLCI list is 

The P° f fM LC I S hat 316 aCCeSSlble throu 8 h the Frame Relay network by this interface 
The PortMaster uses inverse ARP to learn the IP addresses of routers attached to the" 

inverse*ARP lrtUa ° rCUltS FepreSented the s P ecified DLCIs, if those routers support 

The DLCI list can be provided by your Frame Relay carrier, or if LMI is enabled the list 
lecu-ned dynamically. For dynamically learned lists, 32 PVCs are allowed. Only 16 
PVCs can be specified if the DLCI and IP address are entered. If you specify only 

star r y n U C3n , 1St 24 ‘ When the Pvc and IP address are specified, the PortMaster 
statistically configures these entries into its ARP table. 

pagefb-lO ati ° n ° n Frame Rday Subinterfaces see /Trame R elay Subinterface" on 


Frame Relay Parameters 
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This chapter describes how to configure PortMaster users. These steps are not 

Administrltor^Guide f* 561 mterfaCe 7° U are usin § to configure your system. The 
ttZlT Tl l y ° Ur USer interface describes how to set each option The 

L P o™ol fetf" 15 ‘° re ™ W eaCh ° f the USeI parametere ,ha * and 


All of the possible user parameters are described in this chapter; however you onlv 
ar?de^dTc^XTZuTir 1aPPliCaHOn ' ^ 


This chapter includes the following topics: 

• A description of the different types of users 

• How to configure network users 

• How to configure login users 
How to configure dialback users 



Note If you have many users or many PortMasters, you should use RADIUS for user 
thentication rather than the User Table. Refer to the RADIUS Administrator's Guide 
for information about configuring RADIUS. 


Description of Users 


User parameters define the nature and behavior of dial-in users. The User Table 
contains entries for each defined dial-in user along with the characteristics for the user. 


PortMaster products allow you to configure four different types of users: 

• Network User—Normal 

• Network User—Dialback 

• Login User—Normal 

• Login User—Dialback 


Description of Users 
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Configuring Dial-In Users 


The User Table provides login security for users to establish login sessions or network 
tol-in connections. If you want to allow a network dial-in connectton tom another 
router, the router must have an entry in the User Table. 


Description of Network Users 


Network users are defined as users who dial into an^asynchronous 

serial or ISDN port on the PortMaster and send network packets using ( 

on asynchronous ports). This type of connection can be used 

routers who need to access and transfer data from the network. This type of user 
defined when network packets must be sent through the connection. 


Description of Login Users 


Login users are defined as users who connect to an asynchronous serial or ISDN port 
on § the PortMaster and establish a connection to a host. A login user can only send an 
receive characters through the connection. This type of connection is useful for users 
who need to access an account on a host running TCP/IP. 


Description of Normal and Dialback Users 


For each of the user types described above, you can choose whether the connection 
should be established immediately when the user logs into the PortMaster (Normal) or 
if the PortMaster closes the connection and dials the user back to establish a connectio 
(Dialback). Dialback is used for enhanced network security or to simplify telepho 

charging. 

When a normal user logs in, a connection with the network is established immediately. 
If the user is a network user, a PPP or SLIP session is started. If the user is a login user, 
a connection is established to the specified host. 

When a dialback login user logs in, the user is disconnected and the PortMaster dials 
back the user using a predefined telephone number, then establishes a session 
specified host. 

When a dialback network user logs in, the user is disconnected and the ^M ast er 
dials out to the location specified for that user and establishes a PPP or SLIP session. 
The PortMaster always dials back using the same port on which the user dialed m For 
more information about configuring locations, refer to Chapter 9, "Configuring Dial- 

Out Locations." 
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Configuring Dial-In Users 


Configuring Users 


All users are configured using the User Table unless you are using RADIUS The User 

™ taT \ S 6 Char f e / iStiCS ° f l0gin Users and inbound network collections 
This table can be accessed through the Table menu in the PMconsole graphical user 

m erface. An example of the User Table window is shown in Figure 8 § 1 The window 
that you see depends on the version of PMconsole you are using. 


If you are using RADIUS, refer to the RADIUS Administrator's 
information about configuring dial-in users. 


Guide for more 



Figure 8-1 User Table Window—X Windows GUI 


Description of Users 
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Configuring Dial-In Users 


The parameters to be configured differ for network and login users. All of the 
parameters are described in the following sections. 

For network dial-in connections from other routers, each remote router must be 
defined as a user on the PortMaster. 


Configuring Network Users 


Network users are allowed to establish PPP or SLIP connections to the network. These 
connections require a certain amount of configuration that is different from login users. 
This section describes each of the parameters that must be entered to configure 
network users. 

Once you have selected the network user, select Normal or Dialback. 


Configuring Normal Network Users 

Normal network users establish PPP or SLIP connections with the network as soon as 
they have been authenticated. 


Creating a New User 

A new user is created when you enter a user name and password. The user name is a 
string of up to 8 printable non-space ASCII characters. (RADIUS supports user names 
up to 63 characters long.) The password for the user is a string of up to 16 printable 
ASCII characters, for both the User Table and RADIUS. 


Setting the Protocol 

The network protocol for the network user can be set for PPP packet encapsulation or 
SLIP encapsulation as described in Chapter 3, “How PortMasters Work. If you want 
to use the Point-to-Point Protocol you have your choice of the following options. 


• PPP with IP packet routing 

• PPP with IPX packet routing 

• PPP with both IP and IPX packet routing 

You should select a protocol that is compatible with the rest of your network 
configuration and the user's capabilities. 
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Configuring Dial-In Users 


Setting the User IP Address 




Table 8-1 User IP Address Options 

IP Address Type 

Description 

Specified 

This option allows you to define a specific IP address for 
the remote computer or router. This method for 
assigning an IP address to a user is most commonly 
used for routers that establish a connection with the 
PortMaster. 

Assigned 

This option allows the PortMaster to assign a temporary 

IP address that is used for the current session only. The 
address used comes from a pool of addresses set up 
during global configuration. 

This method for assigning IP addresses to users is most 
commonly used when there are a large number of users 
who are authorized to dial in. 

Negotiated 

This option is only used for PPP sessions. Here, the 
PortMaster learns the IP address of the remote host 
using IPCP negotiation. 


Setting the Netmask 


The Netmask parameter defines the netmask of the 
the connection. 


user's system on the remote end of 


Setting the IPX Network Number 

You must assign a unique IPX number to the network connection between the remote 
device and the PortMaster, if you are using the IPX protocol for this user. 


Configuring Network Users 
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Configuring Dial-In Users 


Enabling Routing 


Users can have muting associated with them. This is used comiechom, -ch as dial 
on-demand routing where the remote router dials in to the local PortMaste . 

PortMaster products automatically send and accept route ^ 

messages if routing is turned on. If routing Broadcast is on, RIP packets are senti to 
host on the other end of the connection. When Listen is selected, the PortMa^er 
accepts routing packets from the host or router. Both options can be selected at the 
same time to enable the sending and acceptance of routing information. If neither 
option is selected, RIP is disabled and the PortMaster ignores all routing packets 

received on the interface. 


Setting the MTU 


The Maximum Transmission Unit or MTU defines the largest frame or; packet_th« can 
be sent on this connection. If an IP packet exceeds the specified MTU it is fragmented. 
An IPX packet that exceeds the specified MTU is dropped. PPP connections can have 
an MTU set from 100-1500 octets. SLIP connections can have an MTU set from 100-1006 
octets. PPP can negotiate smaller MTUs when requested by the calling party. 

The MTU is typically set to the maximum allowed for the protocol being used, either 
1500 or 1006 . However, smaller MTU values can improve performance for interactive 
sessions. If you are using IPX, the MTU should be set to at least 600. 


Setting TCP Header Compression 


Compression of TCP/IP headers can increase the performance of interactive TCP 
sessions if it is supported by devices on both ends of the connection. Livingston 
implements Van Jacobson TCP/IP header compression on asynchronous ports. 

Compression should not be used with multi-line load-balancing, but may be used with 
multi-link PPP. 

Compression must be enabled or disabled the same way on both ends of the 
connection if you are using SLIP. For PPP connections, the PortMaster supports bot 
bidirectional and unidirectional compression. Refer to RTC 1144 for more mformatron 
about header compression. 
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Configuring Dial-In Users 


Setting Filters 

Input and output packet filters can be attached to each network user If an inn„t fu 
is attached to a user, when the user dials in and establishes a connection all packets* 


Configuring Dialback Network Users 


hen the network user type Dialback is selected, the Location parameter must be set 

I near ° Ca T°m P Tf r ldentifies the name of a dialback location defined in the 

lncah f f'J u P ° rtMaster han § s U P ^ the user and dials out to the specified 
location to establish a network connection. p a 

Normal network users do not need Location Table entries. Dialback network users 
always require Location Table entries. Therefore, dialback network users must have 
their parameters set in the Location Table, not the User Table. 


Configuring Login Users 

f L TC?cwT are all r d t0 f tablish PortMaster (in.prad), rlogin, telnet, or netdata 
(TCP clear) connections with specified hosts. These connections require a different 

con iguration than network users. Therefore, the parameters listed on the Users Table 

differ for network and login users. This section describes each of the pTrameSs^hat 
must be entered to configure login users. parameters mat 

Once you have selected the Login User type for this user, select Normal or Dialback. 

Configuring Normal Login Users 

Normal login users establish connections with hosts using one of the login services 
described in Chapter 6, "Configuring an Asynchronous Port." § 

Creating a New Login User 

A new login user is created when you enter a user name and password. The User 

ASCII characters TraKUS ** ^ ^ be Uf> t0 8 P rintable no "-space 

C” (RADIUS supports user names up to 63 characters long.) The 

password for the user can be up to 16 printable ASCII characters. § 


Configuring Login Users 
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Configuring Dial-ln Users 


Setting the Login Host 


The Loein Host parameter defines the host to which the user is connected. The Login 
Host can be defined in one of three ways. Table 8-2 shows each of the host options. 


Table 8-2 Login Host Options 


Host Option 

Description 

Default 

This option allows the user to login to the default or 
alternate host specified for this port. 

Prompt 

This option allows the user to select a host at the time 
the login session is established. The user must enter the 


IP address or host name. 

Specified 

This option allows the user to connect only to the host 
specifically named in the Host parameter field. A valid 
host name or IP address must be added to this field 
after the Specified option is selected. 

This configuration is used when you want to allow a 
user to access a specific host. For example, this 
configuration could be used to allow the user "susan to 
always be connected with the host sales. 


Setting an Optional Access Filter 

An access filter can be associated with users to restrict which hosts they can log into. 
Access filters work as follows: 

• The user logs in and specifies a host 

• The host address is compared against the access filter 

• If the address is permitted by the filter, the connection is established 

• If the address is not permitted, the connection is denied 
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Configuring Dial-In Users 


Setting the Login Service Type 

All login users must have an associated login service that determines the nature of 
Ta e bTe C 8-3 neCh0n ^ ** ^ ^ ° f L °S in Service are available as described in 

Table 8-3 Types of Login Service 


Login Service 


PortMaster 


Rlogin 


Telnet 


Netdata 


Function 


PortMaster is the default login service and can be used 
to access any host that has the PortMaster in.pmd 
daemon installed. This type of login service is preferred 
because it makes the PortMaster port operate as if it 
was a serial port attached to the host. 

Rlogin uses the rlogin protocol to establish a login 
session to the specified host. This login service is used 
on mixed UNIX networks where it is impractical to use 
the PortMaster login service. 

Telnet is supported on most TCP/IP hosts. This login 
service should be selected when the PortMaster and 
rlogin protocols are not available. The default TCP port 
number is 23, but another number can be entered. 

Netdata creates a virtual connection between the 
PortMaster port and another serial port on another 
PortMaster or between the PortMaster port and a host. 
This login service creates a clear channel TCP 
connection. To connect to another PortMaster port using 
netdata, that port must be configured as a Host Device 
with a Device Service Netdata using the same TCP port 
number. The default netdata TCP port is 6000; however 
any number between 1 and 65535 can be used. 


Configuring Login Users 























Configuring Dial-In Users 


Configuring Dialback Login Users 


When the Login User type Dialback is selected, the Telephone Number parameter is 
displayed and must be set. Telephone Number identifies the number tha 
PortMaster should dial to establish a connection with this user. The Login User 
SSLmm can only be used with modems tha, support the Hayes AT command 
set The PortMaster always dials back using the same port on whtch the user diale 
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Configuring Dial-Out Locations 


™a.ion P Tabl^ ribeS h ° W '° T® 8 ^ " etworl< dk| -‘>“* ^Hnattom using the 

review each „ f rhe Lncaiion Tah.e P^ZVfpZT^el^ **" * 
All of the possible location parameters are described in this chan^r- w 

f ° r ^ aPPliCati0n ’ Sped& ^-t^ns 



Note - The Location Table is not used for dialing out with tip or UUCP For 
IZst n red n ^es ■■ P ' iCaHOnS ' '° U ' "Configuring the PorfMaster to 


This chapter includes the following topics: 
Overview of managing locations 
How to set dial-out on-demand locations 
How to set continuous dial-out locations 
How to set manual dial-out locations 
Setting general location parameters 
Setting multi-line load-balancing parameters 
Setting multilink PPP (MP) parameters 
Defining asynchronous and V.25bis chat scripts 
Testing your location configurations 


Overview of Location Management 


s:'=ss~== 


Overview of Location Management 
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Configuring Dial-Out Locations 


Table can also be configured using the command line interface. 



Figure 9-1 Location Window—X Windows GUI 

A unique dial-out location must be created for each remote host or router you want to 
access Location Table entries are identified by a unique Location Name parame , 
which can be any 12-character name used to identify the remote location. 
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Configuring Dial-Out Locations 


“*So“ e ”o^r ^ *» « —„ 

Table 9-1 Initiating Dial-Out Connections 


Setting On-Demand Dial-Out Locations 


Connection Type 

Description 

On Demand 

This type of connection with the specified location is 
started when packets for the remote location are queued 
by the PortMaster. n 

Continuous 

This type of dial-out connection with the specified 
location is always active. If the telephone connection is 
dropped the PortMaster initiates a new connection with 
the location after a one minute waiting period. 

Manual 

This type of connection with the specified location is 
started when the administrator requests a connection 

This configuration can be used by the administrator to 
test a connection. This type of connection can also be 
used for network dialback users 

—-----1 


°!l d r an , d dial '° U , t COnnections to selected locations can save money because the 
telephone line is only used when there is traffic that needs to be transmitted The dial 

;- h d rr COn£lgUrati u n ^ 3lSO be US6d aS 3 backu P for «*er types of connections 

with the Mi e T Sm8 S SPeed Synchr ° nous lines - Di al-out on-demand is usually used 
with the Idle Time parameter so that the connection is closed when no longer needed 

When configuring an on-demand location be careful not to have the on-demand 
location be the route to the Loghost, RADIUS server, RADIUS AccounwTerver or 

camf I°f j* P ° rt ^ PortMaster lo gi n or device service, unless you are ver V 
careful to understand the effect of these services upon dial on-demand. 7 7 

wil^r 8 a "° n ; demand location is «t to On, Listen or Broadcast, the PortMaster 

when the idle t ^ Whe ° * b °° tS ' t0 Update routin § ^formation. It hangs up 

when the idle timer expires since RIP traffic does not reset the idle timer. 

OmDemind^ t0 3 ^ COnnectio "' set th e Type parameter to 


Overview of Location Management 
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Configuring Dial-Out Locations 


Setting Continuous Dial-Out Locutions 


SSSSSf- 

dropped for any reason, the PortMaster dials out again and re-establishes 
connection after a one minute wait. 

To set a location to support a continuous connection, set the Type parameter to 
Continuous. 


Setting Manual Dial-Out Locations 


Locations can be set for manual dialing while you are configuring them or if you want 
the connection to be established only when requested by the administrator or a 
twnrk dialback user Use manual dial-out to test the connection before changing 
rcr"ronS location. To se, a location to support a manual connectton, 

set the Type parameter to Manual. 



Note - When switching a location from Manual to On Demand, verify that the dial-out 
cormectionlaas'been closed and tha, the serial port is reset before updatmg the locatron 

table. 


Setting Locution Tuble Purunteters 


The narameters described in this section allow you to configure dial-out locations^ 
mZ of “hei same parameters are se. for network users. Remember, the User Table 
MrtrolsdiaHn connLtions and the Location Table controls dial-ou. connect,ons. 


Setting the Protocol for a Location 


fry nee the Point-to-Point Protocol you have your choice of the o owing p 


• PPP with IP packet routing 

• PPP with IPX packet routing 

• PPP with both IP and IPX packet routing 


• Frame 
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Configuring Dial-Out Locations 


o„° mPa , Hbl : ““ rem ° te For more 

subinterface, see 'Frame Relay S„bi„terhce”on P pagTl t 6-10° FKme ° Frame ReIay 


Setting the Destination IP Address 


3;“,^”“' ^ “ 10 SpeCifled “ nd ' he IP f o 8 ; the remote 

a^dZoT^'‘T e ‘° Ca,i0nS 561 for oontinuous or manual operation the IP 
Negouated addresses cannot be used with SLIP LfflESfSSE. 


Setting the Destination Netmask 


c T »n«,r 8k Parame ‘ er “ ‘ he ne ' maSk ° f h ° S ' or O" the .emote end of the 



^r, length subnet masks - au -«■ * - 


Setting the IPX Network Number 




Enabling Routing 




Setting Location Table Parameters 
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Configuring Dial-Out Locations 


PortMaste, products 

all routing messages from this location. 

If you are using RIP, the destination address for the connection must match the source 
address of the RIP packets received from the remote router. 

Setting the MTU 

The Maximum Transmission Unit or MTU defines the largestt frameor ^ “ n 

he sen, to dropped 

SESS& JfSfi - hom 100-1500 octets. SLIP connections can have 

an MTU set from 100-1006 octets. With PFP, the PortMaster can negotiate smaller 
MTUs when requested during PPP negotiation. 

ThP MTU is typically set to the maximum allowed for the protocol being used, either 
1500 ^ 1006 . However, smaller MTU values can improve performance for mterac ive 
sessions. If you are using IPX, the MTU should be set to at least 600. 


Setting TCP Header Compression 


Compression of TCP/IP headers can increase the performance of interactive TCP 
sessions if the devices on both ends of the connection support compression. 
PortMasters support Van Jacobson TCP/IP header compression on asynchronous 

ports. 

Compression should not be used with multi-line load-balancing, but may be used with 
multilink PPP. 

Compression must be enabled or disabled on both ends of the connection if you are 
using* SLIP For PPP connections, PortMasters support both bidirectional and 
unidirectional compression. Refer to RFC 1144 for more information about header 

compression. 
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Setting Filters 

e ? ,f an inpu *<■ «»*- *» 

Setting the Idle Time 

S;5S3H“-= 



Note Idle times for dial-in connections are set on each 
connections are set in the Location Table. 


port. Idle times for dial-out 


Setting the Dial Group 


Each location must be assigned to a Dial Group, as described in Chapter 6 
Configuring an Asynchronous Port" and Chanter 7 Tnnfim • c / 

WAN Port." Onlv ports in thie n; a i r P Confl S unn g a Synchronous 
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Setting Multi-line Load-balancing 

Several asynchronous ports can be set to connect toiSbSnctaV A^lShold or 
distribute heavy traffic loads. This ts called to bring up an 

sass-- 

determine if the high-water mark has been reached. 

ports can be used for other purposes. 

When multiple ports are in use, each packet is queued on the port with the least 
ImnunTof traffic in the queue. Ports with very different speeds should not be 
“nedfor load balancing purposes^ overall° f 
ports will be approximately equal to the number of ports, multiplied by 

throughput of the slowest port. 



Note - TCP header compression cannot be used with multi-line load-balancing. 


The following parameters are used to configure load-balancing and define when 
additional lines to this location are dialed. 


Setting the Maximum Number of Dial-Out Ports 


The Maximum Ports parameter defines the number of dial-out ports that can be used 
to dial and establish a connection with this location. This parameter creates a pool of 
STtSSS used to establish a connection with this location at the same time. 

If the maximum number of ports is set to 0, no connection with this location is 
established If the Maximum Ports parameter is set to any number greater than , 
mgh Water Mmk parameter is used" to determine when additional connections are 

established with this location. 
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across th ‘ glances the toad 

disconnect unneeded taes parameter " USed *° deter '»™ -hen to 

Setting the High Water Mark 

staS be established' SeSShwT' t‘l ^T addi,i ° na ' ‘° ,his «*»«<>" 

iunal^ number of h^^^^^^^^hundre^However'networl^useta dolng^file^ 

™ S Val “ e iS “'y used when “» Maximum Port parameter is greater than 1. 

Setting Multilink PPP 

ComOS 3.3 and later supports Multilink PPP (MP) as described in RFr 1717 T 


Defining and Using Chat Scripts 


Chat scripts are strings of text used to send commands to modems or V25bis dialers 
ou, locaHLldtoig'S “Tend ~i, E gf *" ^ a d “‘ 

PortMaster chat scripts should be written for placing a call and logging into the 

wmsmmis 

.he“^ 
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Configuring Dial-Out Locations 


Send strings can be up to 30 printable ASCII characters. In addition, the special 
characters shown in Table 9-2 are available. 

Table 9-2 Chat Script Special Characters 


Character 

Description 

// tt 

Expect or send nothing 

\r 

Sends a carriage return character 

\n 

Sends a line feed character 

\0XX 

\\ 

Sends the octal digit specified by XX 
Sends a single backslash character 


All chat script send strings must end with a carriage return <\r) character, except 
V.25bis script send strings. 

A valid expect string needs to only check for the las. word in fcr 

example, if the remote system is prompting for a login ID, it may issue the g 

string: 


Please enter your login: 


„ ■ , is a valid expect string for this prompt. The last expect string in a chat script 

establishing a PPP or SLIP connection, the final expect string sh 
PPP connections and SLIP for SLIP connections. 

Chat scripts for remote locations are specified using the Location Table. No quotes are 
needed for any of the send and expect strings if you are using PMconsole. 
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Configuring Dial-Out Locations 


Asynchronous Chat Script Examples 


Table 9-3 is an example of a dial script that 
PortMasters that have modems supporting 


establishes a connection between two 


Table 9-3 

r — 

Example Chat Script 


1 String 

Type String 

Description 1 

Send 

ATDT18005551212\r 

Dials the number specified 

Expect 

CONNECT 

Expect the modem to connect 

Send 

\r 

Sends a carriage return to prompt 
the next transmission 

Expect 

ogin: 

Expect a prompt for your user name 
that ends with the characters 
"login:" or "Login:" 

Send 

m y_login\r 

Sends the actual user name for your 
location, known to the remote 
system 

Expect 

ssword: 

Expect a prompt for your password 
that ends with the characters 
"ssword:" 

Send 

my_password \ r 

Sends the actual password, known 
to the remote site, associated with 
your user name 

Expect 

PPP 

Expect the remote system to start 
the PPP connection 
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Configuring Dial-Out Locations 


Table 9-4 shows other chat script send and expect strings and their meanings. 
Table 9-4 Other Chat Script Send and Expect Strings 


String Type 

String 

Description 

Send 

AT Z\r 

Sends the AT Z command to the 
modem 

Expect 

Send 

OK 

ATDT18005551212\r 

Expect OK 

Sends the dial command and dial 
number to the modem 

Expect 

Expect 

=DCD= 

Waits for Carrier Detect 

Expect first character of PPP 
negotiation 

Send 

=PAP=user/password 

Authenticate using PAP with ID 
user and password password 


Any strings that define the traffic between two systems can be incorporated into dial 


scripts. 


V.25bis Chat Script Example 

A V.25bis cha. script should be used instead of an ^nano m 
example of a V.25bis chat script. 



>te - There is no carriage return after the phone number PPP au ^nticatkm «n be 
rap With CHAP, or with PAP by using the =PAP- Send string in 


Table 9-5 V.25bis Chat Script Send and Expect Strings 


String Type 

String 

Description 

Send 

CRN15105552222 

Sends the dial command and dial 
number to the terminal adapter 

Expect 

=DCD= 

Waits for Carrier Detect 
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Testing Your Location Configuration 


to manuaI so that 

that your chat scr.pt and other location specific parameters are configured S co°^"l™ 
ConZr s o^ 0n Dimr„ n d fi8Ured Cha " 8e ' he *«» Manna, to 



Note When switching a location from Manual to On Demand verify that thp dial 
Lo“ab,e. bem dOS,d “ d ' hat the Seria ‘ P° H ‘ S res “ updating the ° M 


Testing Your Location Configuration 
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Configuring Filters 


This chapter describes how to configure input and output filters IP IPX and cap , 
are reviewed and filter examples are given P ' X and SAP rules 

This chapter includes the following topics: 

' ° VerVieW 0f P acket “<i how they are organized and created 
A description of IP, IPX, and SAP filter rules 
* Filtering FTP packets 

How filters are used to limit network access 
goal*descrrt>ecT* CS ^ M " d * used to accotnpiish the 


Overview of Filters 


Filters can also be used for packet selection, such as when using a packet trace to 
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Configuring Filters 


The packet filtering mechanism is designed with four objectives: 

• Reliability 

• Predictability 

• Flexibility 

• Efficiency 

The features listed in Table 10-1 help achieve these objectives. 
Table 10-1 Features of PortMaster Filtering 


Feature 


Input and Output 
Filters 


Source and Destination 
Address Filtering 


Description 


Protocol Filtering 


Source and Destination 
Port Filtering 


Established Session 
Filtering 


Each user, each location, and each network hardwired 
port can be assigned both an input packet filter and an 
output packet filter. Having both input and output 
filters can decrease the number of rules needed and can 
provide better tuning of your security policy. 

You can create filters that evaluate both the source and 
destination addresses of a packet against a rule list. The 
number of significant bits used in IP address 
comparisons can be set, allowing filtering by a specific 
host, subnet, network number, or a group of hosts 
whose addresses are within a given bit-aligned 
boundary. 

Packets of certain protocols can be permitted or denied 
by a filter, including IPX, SAP, TCP, UDP, and ICMP 
packets. 

You can create filters that use the source and destination 
port numbers to control access to certain network 
services. This includes evaluation based upon whether 
the port number is less than, equal to, or greater than a 
specified value. 

You can create filters that use the status of TCP 
connections as part of the rule set. This can allow 
network users to open connections to external networks 
without allowing external users access to the local 
network. 
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Configuring Filters 


Table 10-1 Features of PortMaster Filtering (Continued) 


Feature 

Description 

Number of Rules 

Each filter can have any number of rules, limited only 
by the memory available within the PortMaster. 

Simple Rule Creation 

You can create filters that only include as much 
information as is necessary to describe the rule. For 
example, if the rule is not based on specific source and 
destination addresses, they can be omitted from the 
rule. 

In-line Rule Processing 

Rules are processed in the order they are specified in 
the rule set. This eliminates ambiguity about how a 
packet is handled. The first rule that matches the packet 
is applied. If the rule is defined as permit, the packet is 
allowed to pass. If the rule is defined as deny, the 
packet is discarded. If there are any rules in the filter 
and the packet does not match any of the rules, the 
packet is discarded. 


Filter Organization 

Filters are maintained in a Filter Table in the PortMaster nonvolatile configuration 
memory. These filters can be created or modified at any time and are independent of 
any active packet filters. Each filter has a name of up to 16 characters. 

Each packet filter can contain three sets of rules: IP, IPX, and SAP. Within each set, the 
rules are numbered starting at one. Newly created packet filters do not contain any 
rules. 

An empty set of rules is equivalent to the permit rule. If there are one or more rules in 
the set, any packet not explicitly permitted by a rule is denied at the end of the rule set. 

IP and IPX packet filters are attached to users, locations, or network hardwired ports as 
either input or output filters. SAP filters are only attached as output filters. For 
asynchronous interfaces, the packet filter is enabled when the port transitions to the 
established state. The Ethernet interface filter is enabled as soon as the name of the 
input or output filter is attached to the interface. 


Overview of Filters 
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All packets passing into an interface with an input filter are evaluated against the rules 
in the filter. As soon as a packet matches a rule, the action specified by that rule is 
taken. If no rules match the specific packet, the packet is denied and is discarded. 
Whenever an IP packet is discarded, the PortMaster generates an ICMP Host 
Unreachable message back to the originator. For interfaces with output filters attached, 
all packets going out of the interface are evaluated against the filter rules and only 
those packets permitted by the filter are allowed to pass out of the interface. 

Filter Creation 

Filters are created using the Filter Table available with any of the PMconsole interfaces 
to the PortMaster or from the command line. To create a filter, open the Filter Table by 
selecting Filters from the Tables menu. Figure 10-1 shows an example of the Filter 
Window. The window you see depends on the version of PMconsole you are using to 
configure your PortMaster. 



Figure 10-1 Filter Table Window—X Windows GUI 
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Setting Filters 

Filters are constructed by creating the filter and then adding rules that permit or deny 
certain types of packets. Packets are evaluated in the same order as the rules are listed. 
Therefore, the packets representing the highest volume of traffic should be specified 
early in the list of rules, where possible. 

Filters can be attached to Ethernet interfaces, hardwired serial ports, users, and 
locations. Ethernet filters are used to control the types of packets that are allowed to 
pass through the local Ethernet port. Filters are set on asynchronous ports configured 
for hardwired operation when security with another network is an issue. 

User filters are attached to users configured for dial-in SLIP or PPP access. When a user 
makes a PPP or SLIP connection the designated filters are attached to the interface 
used. 

Location filters are attached to dial-out locations using SLIP or PPP connections. When 
the connection is established to a remote site the designated filters are attached to the 
interface used. 

You can attach filters for incoming packets or for outgoing packets or both. It is usually 
more effective to filter incoming packets for two reasons: 

• You know which interface the packet is coming in on 

• You can protect the PortMaster itself 

Setting IP Filters 

IP rules are specified using the following syntax: 


action [ [source_addr/mask dest_addr/mask] protocol [option]] [log] 
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Each of the criteria and its options are shown in Table 10-2. 


Table 10-2 Description of IP Rule Syntax 


Criteria 

Options 

Description 

action 

permit 

Permits the packet to pass through the interface. 


deny 

Stops the packet from passing through the interface. 

The packet is dropped and an ICMP Host 

Unreachable message is sent to the source address. 

source_addr/ 

mask 


Specifies the comparison with the source IP address of 
the packet. The number of high-order bits of the 
source IP address is determined by the mask. 

Common mask values are: 

0—To match all packets with any source address 

16—Looks only at network number of class B IP 
addresses 

24—Looks only at network number of class C IP 
addresses 

32—Looks at the entire IP address 

dest_addr/ 

mask 


Specifies the comparison with the destination IP 
address contained in the packet. The number of high- 
order bits of the destination IP address is determined 
by the mask. 

protocol 

TCP 

Specifies that the filter looks for TCP packets. This 
type of rule supports filtering on source and 
destination port numbers as well as the established 
state of the connection. 


UDP 

Specifies that the filter looks for UDP packets. This 
type of rule supports filtering on source and 
destination port numbers. 


ICMP 

Specifies that the filter looks for ICMP packets. This 
rule supports filtering on the type of ICMP message. 
The only option for this rule is: 

[ type i cmp_message_ type] 

A comparison is made with the ICMP message type 
contained in the packet. ICMP message types are 
defined in RFC 1700, "Assigned Numbers." 
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Table 10-2 Description of IP Rule Syntax (Continued) 


Criteria 

Options Description 

option 

The options depend on the protocol specified. The 

TCP options are described in Table 10-3. The UDP 
options are described in Table 10-4. The ICMP option 
is described in the ICMP option above. 

log 

If this rule is matched a syslog message is sent to the 
loghost with auth. notice facility and priority. 

The syntax for TCP options is shown below and the options are explained in 

Table 10-3: 

[src eq|gt|It port_number ] [dst eq|gt|lt port_number ] [estab] 

Table 10-3 

TCP Rule Options 

Option 

Description 

src 

Compare the port number in the filter with the TCP source port 
number 

dst 

Compare the port number in the filter with the TCP destination 
port number 

eq 

The port number in the packet should be tested to see if it is equal 
to the port number specified in the rule 

gt 

The port number in the packet should be tested to see if it is 
greater than the port number specified in the rule 

It 

The port number in the packet should be tested to see if it is less 
than the port number specified in the rule 

estab 

Determine if the packet is for an established TCP network 
connection. Packets being sent to start new TCP connections do 
not match this rule. 
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The syntax for UDP options is shown below and the options are explained in 
Table 10-4: 


[src 

eq | gt | It port_number ] [dst eq | gt | It port_number ] 

Table 10-4 

UDP Rule Options 

Option 

Description 

src 

Compare the port number in the filter with the UDP source port 
number 

dst 

Compare the port number in the filter with the UDP destination 
port number 

eq 

The port number in the packet should be tested to see if it is equal 
to the port number specified in the rule 

gt 

The port number in the packet should be tested to see if it is 
greater than the port number specified in the rule 

It 

The port number in the packet should be tested to see if it is less 
than the port number specified in the rule 


Table 10-5 lists common TCP and UDP services. A more complete list is available in 
RFC 1700, "Assigned Numbers." If you are configuring filters with PMconsole, you can 
use the service name or number for the port, as found in the /etc/services file on 
most hosts. If you are configuring filters from the command line interface, you must 
use the port number, not the name. 


Table 10-5 TCP and UDP Port Services 


Service 

Port 

Type 

Description 


ftp-data 

20 

tcp 

File Transfer (Default Data) 


ftp 

21 

tcp 

File Transfer (Control) 


telnet 

23 

tcp 

Telnet 


smtp 

25 

tcp 

Simple Mail Transfer (email) 


nicname 

43 

tcp 

Who Is 


nicname 

43 

udp 

Who Is 
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Table 10-5 TCP and UDP Port Services (Continued) 


Service 

Port 

Type 

Description 

domain 

53 

tcp 

Domain Name Server 

domain 

53 

udp 

Domain Name Server 

tftp 

69 

udp 

Trivial File Transfer 

gopher 

70 

tcp 

Gopher 

gopher 

70 

udp 

Gopher 

finger 

79 

tcp 

Finger 

finger 

79 

udp 

Finger 

www-http 

80 

tcp 

World Wide Web HTTP 

kerberos 

88 

tcp 

Kerberos 

kerberos 

88 

udp 

Kerberos 

pop3 

110 

tcp 

Post Office Protocol - Version 3 

sunrpc 

111 

tcp 

SUN Remote Procedure Call 

sunrpc 

111 

udp 

SUN Remote Procedure Call 

auth 

113 

tcp 

Authentication Service 

auth 

113 

udp 

Authentication Service 

nntp 

119 

tcp 

Network News Transfer Protocol 

ntp 

123 

tcp 

Network Time Protocol 

ntp 

123 

udp 

Network Time Protocol 

snmp 

161 

tcp 

SNMP 

snmp 

161 

udp 

SNMP 

snmptrap 

162 

tcp 

SNMPTRAP 

snmptrap 

162 

udp 

SNMPTRAP 

imap3 

220 

tcp 

Interactive Mail Access Protocol v3 

imap3 

220 

udp 

Interactive Mail Access Protocol v3 

exec 

512 

tcp 

remote process execution 

login 

513 

tcp 

remote login 
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Table 10-5 TCP and UDP Port Services (Continued) 


Service 

Port 

Type 

Description 

who 

513 

udp 

remote who (rwhod) 

cmd 

514 

tcp 

remote command (rsh) 

syslog 

514 

udp 

System Log Facility 

printer 

515 

tcp 

lpd spooler 

talk 

517 

tcp 

terminal to terminal chat 

talk 

517 

udp 

terminal to terminal chat 

ntalk 

518 

tcp 

newer version of terminal to terminal chat 

ntalk 

518 

udp 

newer version of terminal to terminal chat 

router 

520 

udp 

RIP 

uucp 

540 

tcp 

UNIX to UNIX Copy 

uucp 

540 

udp 

UNIX to UNIX Copy 

uucp-rlogin 

541 

tcp 

a different variant of UUCP/TCP 

uucp-rlogin 

541 

udp 

a different variant of UUCP/IP 

klogin 

543 

tcp 

Kerberized login 

klogin 

543 

udp 

Kerberized login 

pmd 

1642 

tcp 

PortMaster daemon in.pmd 

pmconsole 

1643 

tcp 

PortMaster Console Protocol 

radius 

1645 

udp 

Remote Authentication Dial In User 

Service 

radacct 

1646 

udp 

RADIUS Accounting 
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Setting IPX Filters 

IPX rules are specified using the following syntax: 


action [keyword value] [keyword value ] . . . 


Each of the valid keywords are shown in Table 10-6. 


Table 10-6 Description of IPX Rule Syntax 


Option/Keyword 

Description 

action 

The two options for action are permit and deny. Permit allows 
the packet to pass freely through the interface. Deny stops the 
packet from passing through the interface. 

srcnet 

Compares the stated value with the source IPX network address 
of the packet. This value must be in hexadecimal format. 

dstnet 

Compares the stated value with the destination IPX network 
address in the packet. This value must be in hexadecimal 
format. 

srchost 

Compares the stated value with the source IPX node address in 
the packet. This value must be in hexadecimal format. 

dsthost 

Compares the stated value with the destination IPX node 
address in the packet. This value must be in hexadecimal 
format. 

srcsocket 

Compares the stated value with the source IPX socket number 
contained in the packet. A second keyword indicating the type 
of comparison must be specified. Valid values for the second 
keyword are: eq. It, or gt. The value follows the second 
keyword. 

dstsocket 

Compares the stated value with the destination IPX socket 
number contained in the packet. A second keyword indicating 
the type of comparison must be specified. Valid values for the 
second keyword are: eq. It, or gt. The value follows the second 
keyword. 
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Setting SAP Filters 

SAP can be filtered on output. SAP rules are specified using the following syntax: 


action [keyword value ] [keyword value] 


Each of the valid keywords are shown in Table 10-7. 


Table 10-7 Description of SAP Rule Syntax 


Option/Keyword 

Description 

action 

The two options for action are permit and deny. Permit allows 
the SAP entry to be broadcast in SAP packets. Deny stops the 
SAP entry from being sent in SAP broadcasts. 

server 

Compares the value with the name of the server which is 
advertising its service. The server value is case-sensitive. 

network 

Compares the stated value with IPX network address of the 
server. This value must be in hexadecimal format. 

host 

Compares the stated value with the IPX node address of the 
server. This value must be in hexadecimal format. 

socket 

Compares the stated value with the IPX socket number of the 
server. A second keyword indicating the type of comparison 
must be specified. Valid values for the second keyword are: eq. 

It, or gt. The value follows the second keyword. 


Filtering FTP Packets 

Filters can be used to either permit or deny FTP packets. It is important to understand 
how this protocol works before you develop FTP filters. 

File Transfer Protocol (FTP) uses TCP port 21 as a control channel, but it transfers data 
on another channel initiated by the FTP server from TCP port 20 (FTP-data). Therefore, 
if you want to allow your internal hosts to FTP outward, you must allow external hosts 
to open an incoming connection from TCP port 20 to a destination port above 1023. 
Allowing this type of access to your network can be very risky if you are running RPC 
or X Windows on the host from which you are FTPing. As a result, many sites use FTP 
proxies or passive FTP, neither of which is discussed in this guide. 
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However, Firewalls and Internet Security: Repelling the Wily Hacker by Cheswick and 
Bellovm (Addison-Wesley 1994, ISBN 0-201-63357-4) and Building Internet Firewalls by 
Chapman and Zwicky (O'Reilly & Associates 1995, ISBN 1-56592-124-0) are good 
references. 6 

Likewise, if you want to allow external hosts to connect to your FTP server and 
transfer files, you must allow incoming connections to TCP port 21 on your FTP server 
and allow outgoing connections from TCP port 20 of your FTP server. 

In the following examples, ftp.edu.com is the name of your FTP server and 
proxy.edu.com is the name of the host from which you allow outgoing FTP. 


internet.in 

filter 





permit 

tcp 

0.0.0.0/0 

proxy. edu. com/32 src eq 20 

dst 

gt 

1023 

permit 

tcp 

0 . 0 . 0.0/0 

proxy. edu. com/32 src eq 21 

estab 


permit 

tcp 

0.0.0.0/0 

ftp.edu.com/32 dst eq 21 




permit 

tcp 

0.0.0.0/0 

ftp.edu.com/32 src gt 1023 

dst 

eq 

20 estab 


internet.out filter 

permit tcp proxy. edu. com/32 0.0.0.0/0 dst eq 21 

permit tcp proxy.edu.com/32 0.0.0.0/0 src gt 1023 dst eq 20 estab 

permit tcp ftp.edu.com/32 0.0.0.0/0 src eq 20 dst gt 1023 

permit tcp ftp.edu.com/32 0.0.0.0/0 src eq 21 dst gt 1023 estab 


If you allow any internal host to FTP outwards, replace proxy.edu.com/32 with 

0.0.0.0/0 or your network_number /24. Take appropriate precautions to reduce the risk 
this configuration creates. 



Note - This configuration is not recommended if you run any of the following 
protocols on any of the hosts from which you allow ftp access: NFS, X, RPC, or any 
other service that listens on ports above 1023. ' ' y 
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Filter Examples 

Filters are very flexible; therefore, it is very important that you evaluate the types of 
traffic that a specific filter permits or denies through an interface before attaching t e 
filter. If possible, filters should be tested from both sides of the filtering interface to 
verify that the filter is operating as you intended. The log keyword is very useful 
when testing and refining filters. 


Note - Any packet that is not explicitly permitted by a filter is denied, except for the 
special case of a filter with no rules, which permits everything. 


Simple Filter Example 

The filter is written as follows: 


permit 

permit 

permit 

permit 

permit 

udp dst eq domain 
tep dst eq smtp 
iemp 

0.0.0.0/0 ftp.edu.com/32 tep dst eq ftp 
tep sre eq ftp-data dst qt 1023 


Table 10-8 shows the description of the filter. 

Table 10-8 Description of Simple Filter 


Rule 

Description 


1 

Permits Domain Name Service (DNS) UDP packets from any host to 
any host. 

2 

Permits SMTP (mail) packets. 


3 

Permits ICMP packets, including ping packets. 


4 

Permits FTP from any host but only to the host ftp.edu 

.com. 

5 

Permits FTP data to return to the requesting host. This rule is required 


to provide a reverse channel for the data portion of FTP. 
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Filter for Internet Connection on a Hardwired Port 

The filter in this example is designed as an input filter for a hardwired network 
interface set up to connect to the Internet. If this filter were used for dial on-demand 
connections it should be attached to the appropriate user and location. The filter is 
written as follows: 


deny 192.168.1.0/24 0.0.0.0/0 log 



permit 

tcp 

estab 



permit 

0 . 0 . 

0.0/0 mail.edu.com/32 tcp dst 

eq 

smtp 

permit 

0 . 0 . 

0.0/0 ftp.edu.com/32 tcp dst 

eq 

ftp 

permit 

tcp 

0.0.0.0/0 www.edu.com/32 dst 

eq 

www-http 

permit 

tcp 

src eq ftp-data dst gt 1023 


permit 

udp 

dst eq domain 



permit 

tcp 

dst eq domain 



permit 

icmp 





Table 10-9 describes the filter. 


Table 10-9 Description of Internet Filter 


Rule 

Description 

i 

Deny any incoming packets from your own network (192.168.1.0). This 
blocks IP spoofing attacks. Log the header information using syslog. 

2 

Permits already established TCP connections. 

3 

Permits SMTP connections to the mail server mail.edu.com. 

4 

Permits FTP to the host ftp.edu.com. 

5 

Permits www (http) access to the host www.edu.com. 

6 

Permits FTP data channel. 

7 

Permits Domain Name Service. 

8 

Permits Domain Name Service zone transfers. (You may wish to 
restrict this rule to allow only connections to your name servers.) 

9 

Permits ICMP packets. 
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Domain Name Server is Outside Your Local Net 

If the DNS name server for your domain is outside your local net you should add the 
following rule to your input filter: 

permit udp src eq domain 


This permits DNS replies into your local net. You should then add the following 
output filter described in Table 10-10 to the interface: 


deny 0.0.0.0/0 192.168.1.0/24 log 
permit top 

permit udp src eq domain 
permit udp dst eq domain 

permit gw.edu.com/32 rt.isp.net/32 udp dst eg 520 
permit icmp 


Table 10-10 Description of External DNS Output Filter 


Rule 

Description 

i 

Denies any outgoing packets to your own network (192.168.1.0) and 
makes a log. 

2 

Permit any TCP connection. 

3 

Permit Domain Name Service replies from your network. 

4 

Permit Domain Name Service queries from your network. 

5 

Permits outgoing RIP packets from the PortMaster (gw.edu.com) to 
the router (rt.isp.net) at the other end of the serial link. 

6 

Permit ICMP packets. 



Note - Since the PortMaster does not apply filter rules to its own UDP and ICMP 
packets, rule 5 is not necessary. However, if you are broadcasting routing through this 
interface it is a good idea to include this rule in case PortMaster behavior is changed in 
the future. 
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Filter to Listen to RIP Information 

To permit incoming RIP packets, add the following rule to your input filter: 

permit rt.isp.net/32 gw.edu.com/32 udp dst eq 520 

Filter to Allow Auth Queries 

To allow auth queries used by some mailers and FTP servers, add the following rule to 

vonr inmit filfor- & 


permit tcp dst eq 113 


For more information about these types of queries, refer to RFC 1413. 

Limiting Access to Specified Hosts 

Security on your network can be increased if you limit the authorized activities for 
certain hosts. For example, you can limit the DNS and SMTP interchange with the 
Internet to a single well-secured host on your network. All Internet hosts would then 
access this single server for those services. If you have several name servers or mail 
servers, you can use additional rules to allow access to these servers. 

To ailow some other network (172.16.12.0) to have complete access to your network 
add the following rule: ' 


permit 172.16.12.0/24 192.168.1.0/24 



Caution - Beware of associative trust. If 192.168.1 trusts 172.16.12 and 172.16.12 
10.5.137, then 192.168.1 trusts 10.5.137 whether 192.168.1 knows it or 
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Restrictive Internet Filter 


This filter is an example of an input filter for a network hardwired port. If you use dial 
on-demand you should add this filter to the appropriate Location Table entry 


This example allows any kind of outgoing connection from the Internet server but 
blocks all incoming traffic to any host but your designated Internet server. This filter 
allows incoming SMTP, NNTP, DNS, FTP, and ICMP traffic to the Internet server and 

blocks all other traffic. 



Note - Unless you have the latest versions of f tpd, httpd, and sendmail you may be 
vulnerable to attacks through these ports. Check the latest CERT advisories, available 
on ftp. cert. org, for existing vulnerabilities. 


In the following example, the name server should be replaced by the IP address or 
host name of your Internet server. 


deny 192.168.1.0/24 0.0.0.0/0 log 
permit 0.0.0.0/0 server/32 tcp estab 
permit 0.0.0.0/0 server/32 tcp dst eq ftp 

permit 0.0.0.0/0 server/32 tcp src eq ftp-data dst gt 1023 

permit 0.0.0.0/0 server/32 tcp dst eq nntp 

permit 0.0.0.0/0 server/32 tcp dst eq smtp 

permit 0.0.0.0/0 server/32 tcp dst eq www-http 

permit 0.0.0.0/0 server/32 udp dst eq domain 

permit 0.0.0.0/0 server/32 tcp dst eq domain 

permit 0.0.0.0/0 server/32 icmp 


Table 10-11 describes the filter. 

Table 10-11 Description of Restrictive Internet Filter 


Rule 

Description 

i 

Denies any incoming packets from your own network (192.168.1.0) 


and makes a log. 

2 

Permits packets from any established TCP connection to the Internet 


server. 

3 

Permits FTP from any one to the Internet server. 
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Table 10-11 Description of Restrictive Internet Filter 


Rule 

Description 

4 

Permits FTP data back channel. 

5 

Permits incoming NNTP (news) to the Internet server. 

6 

Permits incoming SMTP (mail) to the Internet server. 

7 

Permits www (http) requests to the Internet server. 

8 

Permits Domain Name Service queries to the Internet server. 

9 

Permits DNS zone transfers from the Internet server. 

10 

Permits ICMP to the Internet server. You can further limit ICMP to 
types 0, 3, 8, and 11 using four rules instead of one. See RFC 1700 for 
the list of ICMP packet types. 


To log all blocked packets add the following rule to the end of your filter: 


deny log 


Access Filters 


Access filters allow you to limit access to a specified host or group of hosts. Interactive 
users, those using telnet and rlogin, can be allowed to select a host for their sessions 

c H r:r f v ou ,r y want to ! imit their access to specmc h ° sts ° r ^0^. ^ 

control filter allows you to designate a limited set of hosts or networks accessible by 
the user when they are presented with the "Host:" prompt. J 
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Connecting a Branch 
Office to the Ma in Office 11 


This chapter describes how to use the PortMaster to connect your office to another 
office using a dial on-demand configuration. This type of connection is designed to 
a e the place of a costly dedicated line between the two locations, where the amount 
and duration of traffic does not justify a leased line or Frame Relay connection. 

The following topics are described: 

Overview of the configuration 
Description of hardware configuration 

Description of software configuration on the PortMaster in the branch office 
Description of the software configuration on the PortMaster in the main office 
Testing the configuration 

How to setup multi-line load-balancing 
• Using ISDN for on-demand connections 


Overview of Main Office Connection Configuration 

The configuration described in this chapter can be implemented with any PortMaster 
however, the PortMaster Office Router is used in this example. 

The PortMaster Office Router is designed to provide cost-effective connectivity 
etween small remote (branch) offices and larger headquarters (main) offices. These 
types of connections are typically established on an as-needed basis. For most 
applications it is not cost-effective to maintain a continuous connection when a 
connection can be established to transfer network traffic when necessary. These types 
of connections are usually handled by a dial on-demand link. 

A dial on-demand link establishes a connection with the specified location when 
network traffic is queued. The PortMaster Office Router OR-M is designed to support a 
dial on-demand connection with another office using the PCMCIA modem port, 
designated SI. Figure 11-1 shows an example of this configuration. The console port, 

, can be used as a console or an external modem can be connected to provide an 

periodT 31 dlal ° n ~ demand P ° rt for multHine load-balancing during peak traffic 
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Connecting a Branch Office to the Main Office 


The PortMaster Office Router-ISDN (OR-U) has an ISDN BRI port designated 
S1/S2 instead of a PCMCIA modem port. The ISDN port can be used for ISDN dial 
on-demand connections. 

The example in this chapter uses the PCMCIA asynchronous modem port on the 
OR-M. To use the ISDN port on the OR-U, see "Using ISDN for On-Demand 
Connections" on page 11-14. 



11-2 


Configuration Guide for PortMaster Products—December 1995 

















































































Connecting a Branch Office to the Main Office 


Description of Sample Configuration 


he example described m this chapter connects a PortMaster Office Router located in a 
branch office with a PortMaster of some type in a main office. This connection is 
initiated on an on-demand basis whenever traffic for the other office is queued at either 

r P im a ! connection is configured for dial-in and dial-out operation using 
the PCMCIA port, SI. The variables shown in Table 11-1 are used in this example § 
Change variable values to actual values that reflect your network. ' 

Table 11-1 Example Configuration Variables 


Variable Description 


Name of router in the branch office 
IP address of router in the branch office 
Network type and number 
IPX network of router in the branch office 
IPX Frame Type 

Name of PortMaster router in the main office 

IP address of router hq in the main office 

Network type and number of router hq in the 
main office 

IPX network of router in the main office 
IPX network for the serial link 
Idle Timeout 


Value for this Example 


branch 

192.168.200.1 

Class C 192.168.200.0 
000000F3 

IEEE 802.2 on Ethernet 
hq 

192.168.1.1 

Class C, 192.168.1.0 

000000F1 
000000F2 
5 minutes 


Configuring the Hardware 


o install the hardware for this configuration, follow these steps and the instructions in 
the Hardware Installation Guide for your PortMaster. If you need additional help, refer to 
the Troubleshooting" chapter of your Hardware Installation Guide. 

1. Unpack the PortMaster. 

2 ' Srr loC ? u, the , met network to th e Ethernet port and set the network 
selection DIP switch(es) appropriately. 

3. Connect the power cable. 
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Connecting a Branch Office to the Main Office 


4. Insert the PCMCIA modem card into the PCMCIA slot marked SI. 

5. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

Refer to the Hardware Installation Guide for your PortMaster for more information 
about connecting and configuring a terminal. 

6. Turn on the power switch. 

The PortMaster performs power on self diagnostics. The self diagnostics are 
displayed to the console if the console DIP switch is UP. 

7. Press [Return] on the console. 

The PortMaster login prompt is displayed. 

8. Type '.root then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

9. Press [Return] at the password prompt. 

10. Set the password on the PortMaster by typing: 


Command> set password password 


This step is optional but highly recommended. 


11. Set the IP address of the new PortMaster by typing: 


Command> set etherO address 192.168.200.1 


In this example, 192.168.200.1 is the IP address of the PortMaster. A confirmation 
message is displayed showing the new IP address. 

12. Set the netmask and broadcast values if necessary. 

13. Save the address to the nonvolatile memory of the PortMaster by typing: 
Command> save all 
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Command> quit 


Configuring the Software on the Router in the Branch Office 

In order to use the PMconsole graphical user interface to configure the Office Router 
you must install the software on a UNIX workstation or a Microsoft Windows 
compatible computer. Once the software is installed and started according to the 
instructions in the appropriate Administrator's Guide , proceed with the configuration 
You can also configure the PortMaster from the console using the command line 
interface, or using administrative telnet once the PortMaster address is set. 

Setting the Global Parameters 

Set the following global parameters to the values shown in Table 11-2. These values 
only apply to this example; use values appropriate for your network. 

Table 11-2 Global Parameter Values 


Parameter 


Value 


IP Address 
IP Gateway 
Default Route 
Sysname 


192.168.200.1 

192.168.1.1 

Broadcast and Listen 
branch 


PortMaster. 


For more information about global parameters, refer to Chapter 4, "Configuring a 

Pr»rfA/T o cfor " o o 
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Setting the Ethernet Port Parameters 

Set the following Ethernet parameters to the values shown in Table 11-3, 
Table 11-3 Ethernet Parameter Values 


Parameter 

Value 


Protocol 

PPP/IP/IPX 


IPX Network 

000000F3 


IPX Frame Type 

802.2 


IP Address 

192.168.200.1 


Netmask 

255.255.255.0 


Broadcast Address 

high (192.168.200.255) 


Routing 

On (Broadcast and Listen) 


Ethernet 

Enabled 

--- 


For more information on Ethernet parameters, refer to Chapter 5, Configuring the 
Ethernet Interface." 


Setting the PCMCIA Serial Port Parameters 

The PCMCIA modem port on the PortMaster Office Router is designated SI. Configure 
the port parameters with the values shown in Table 11-4. The PCMCIA modem must 
be installed in order to configure port SI. 

Table 11-4 PCMCIA (si) Port Parameter Values 


Parameter 

Value 

Port Type 

Network 

Network Type 

Dial In&Out (or twoway for command line) 

Speed 1 

Use 57600 for V.32bis modems and 115200 for V.34 
modems, unless your modem manual instructs 
otherwise. Use the highest DTE speed supported by 
your modem. 

Speed 2 

Same as speed 1 
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Table 11-4 PCMCIA (si) Port Parameter Values (Continued) 


Parameter 

Value 

Speed 3 

Same as speed 1 

Modem Control 

On 

Flow Control 

RTS/CTS 

Idle Timeout 

5 minutes 

Dial Group 

1 


All the other parameters should be left at their default values. For more information 
about asynchronous ports and configuring your modem, refer to Chapter 6 
Conhguring an Asynchronous Port." 


Defining a Dial-In User 


A user account must be set up on the router in the branch office so the PortMaster in 
the main office can dial in when traffic is queued at the main office. The new user hq 
should be configured with the parameter values shown in Table 11-5. 


Table 11-5 User Table Parameter Values for User hq 


Parameter 

Value 

User Name 

hq 

Password 

anypasswd 

(The password must match the password used in the 
dial script set on the PortMaster in the main office for 
location branch.) Do not use the same password used 
for the administrative !root login. 

Type 

Network User/Normal 

Protocol 

PPP 

User IP Address 

Specified 192.168.1.1 

Netmask 

255.255.255.0 

IPX Network 

000000F2 

Routing 

On (Broadcast and Listen) 
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Table 11-5 User Table Parameter Values for User hq (Continued) 


Parameter 

MTU 
Compression 


Value 


1500 


On (Unless using multi-line load-balancing.) 


For more information about configuring User Table parameters, refer to Chapter 8, 
"Configuring Dial-In Users." 


Defining a Dial-Out Location 


A location entry on the PortMaster Office Router in the branch office must be created 
for the location identified as hq. This allows the Office Router in the branch office to 
call the PortMaster in the main office when network traffic is queued. The new location 
hq should be configured with the parameter values shown in Table 11-6. 


Table 11-6 Location Table Parameter Values for Location hq 


Parameter 

Value 

Location Name 

hq 

Type 

Manual (The location is set for manual dialing until 
after the configuration has been tested. Once the 


configuration is verified the Type is changed to 
On-Demand.) 

Protocol 

PPP/IP/IPX 

IP Destination 

Specified 192.168.1.1 (Allows the PortMaster to know 
when to dial after the Type is switched to On-Demand 


later.) 

Netmask 

255.255.255.0 

IPX Network 

000000F2 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Compression 

On (Unless using multi-line load-balancing.) 

Idle Timeout 

5 minutes 

Maximum Ports 

1 (If you are not using multi-line load-balancing.) | 
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Table 11-6 Location Table Parameter Values for Location hq (Continued) 


Parameter 


High Water Mark 
Dial Group 

Send and Expect Pairs 


Value 


0 (If you are not using multi-line load-balancing.) 


1 

Send: ATDT5551212\r 
Expect: CONNECT 
Send:\r 
Expect: ogin: 

Send: branch\r 
Expect: ssword: 

Send: anypasswd\r 
Expect: PPP 


For more information about configuring Location Table parameters, refer to Chapter 9 
Configuring Dial-Out Locations." pter y. 

After the port, user, and location parameters are entered, the port should be 
make the new configuration active. 


reset to 


Configuring the Software on the PortMaster in the Main Office 

In our example, the remote machine is the PortMaster in the main office. To configure 
this PortMaster to dial the branch office when there is any traffic queued, you must 
configure the main office exactly the same as the branch office except that the names 
and addresses are reversed as described in the following subsections. 

Setting the Port Parameters 


For all ports that you want enabled for dial 
shown for the parameters in Table 11-7. 


-in and out to branch, enter the values 


Table 11-7 Dial-Out Port Parameter Values 


Parameter 

Value 

Port Type 

Network 

Network Type 

Dial In&Out (or twoway for command line) 


Configuring the Software on the PortMaster in the Main Office 
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Table 11-7 Dial-Out Port Parameter Values (Continued) 



Parameter 

Value 


Speed 1 

Use 57600 for V.32bis modems and 115200 for V.34 
modems, unless your modem manual advises otherwise 


Speed 2 

Speed 3 

Same as speed 1 

Same as speed 1 


Modem Control 

On 


Flow Control 

Idle Timeout 

RTS/CTS 

5 minutes (If you are also using the PortMaster in the 
main office for user dial in, you want to set this 
parameter higher or off.) 


Dial Group 

1 

Defining a Dial-In User 

A user account must be set up on the PortMaster in the main office so the router in the 
branch office can dial in when traffic is queued. The new user branch should be 
configured with the parameter values shown in Table 11-8. 

Table 11-8 User Table Parameter Values for User branch 


Parameter 

Value 


User Name 

branch 


Password 

anypasswd 

(The password must match the password used in the 
dial script set on the PortMaster in the branch office for 
location hq.) Do not use the same password used for the 
administrative Iroot login. 


Type 

Network User/Normal 


Protocol 

PPP 


User IP Address 

Specified 192.168.200.1 


Netmask 

255.255.255.0 


IPX Network 

000000F2 _ 
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Table 11-8 User Table Parameter Values for User branch (Continued) 


Parameter 

Value 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Compression 

(Unless using multi-line load-balancing ) 


Defining a Dial-Out Location 


A location entry on the PortMaster in the main office must be created for the location 
identified as branch. This allows the PortMaster in the main office to call the 
ortMaster in the branch office when network traffic is queued. The new location 
ranch should be configured with the parameter values shown in Table 11-9. 


Table 11-9 Location Table Parameter Values for Location branch 


Parameter 

Value 

Location Name 

branch 

Type 

Manual (The location is set for manual dialing until 
configuration has been tested. After verification, the Type is 
changed to On-Demand.) 

Protocol 

PPP 

IP Destination 

Specified 192.168.200.1 

Netmask 

255.255.255.0 

IPX Network 

000000F2 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Compression 

Idle Timeout 

On (If you are not using multi-line load-balancing.) 

5 minutes 

Maximum Ports 

High Water Mark 
Dial Group 

1 (If you are not using multi-line load-balancing.) 

0 (If you are not using multi-line load-balancing.) 

0 
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Table 11-9 Location Table Parameter Values for Location branch (Continued) 


Parameter 

Value 


Send and Expect 
Pairs 

Send: ATDT5551020\r 

Expect: CONNECT 

Send: \r 

Expect: ogin: 

Send: hq\r 

Expect: ssword: 

Send: anypasswd\r 

Expect: PPP 


Reset the port to make the new settings active. 


Testing the Setup 

The configuration should be tested before either of the locations are set for On-Demand 
dialing. To test the configuration, follow these steps: 


1. Use the Dialer to connect from branch to hq. 

If you are using PMconsole, select Dialer from the View menu. Set the Watch Dialer 
parameter to Yes. If you are using the command line interface, type the following. 


Command> set console 
Command> set debug 0x55 
Command> dial hq 


2 . 

3. 


4. 


5. 


Monitor the dial and connect sequence between the two locations. 

If everything connects as expected, reset the port on the Office Router in the 
branch office and change the location Type parameter to On Demand. 

To reset the port, click the reset button on the Port window or type reset si at 
the command prompt. 

If there is a problem, reset the port on the Office Router in the branch office and 
change the dial script or other parameters. Dial the main office again. Repeat this 
procedure until the connection is made correctly. 

Repeat steps 1 through 4, dialing from the main office to the branch office. 
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Setting the Console Port for Multi-line Load-balancing 


Multi-line load-balancing is used to add additional lines when network traffic is heavy. 

/ ™° re than °" e me to the same location is established, the PortMaster balances the 
ra ic among the lines. To configure the Office Router for multi-line load-balancing an 
external modem must be attached to the console port. 



Note - TCP/IP header compression cannot be used with multi-line load-balancing. 


this example the console port is being configured for use as another serial port. Once 
you set this configuration, the port is no longer used for the system console 
figure 11-2 diagrams the multi-line load-balancing configuration. 



Setting the Console Port for Multi-line Load-balancing 
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Connecting a Branch Office to the Main Office 


To enable multi-line load-balancing, you must configure the SO port using the same 
parameters as shown for the PCMCIA port in Table 11-4. When you conhgure the 
location hq on the router in the branch office use the parameter values shown in 
TaVtlp 11-10. 


Table 11-10 Location (hq) Parameter Values for Load-Balancing 


Parameter 

Value 


Maximum Ports 

2 


High Water Mark 

100 bytes 



The value of the High Water Mark parameter depends on the type of traffic and how 
many queued bytes of traffic you want before the second line is used. 


Using ISDN for On-Demand Connections 

Using the ISDN BRI port on the PortMaster Office Router-ISDN (OR-U) is very similar 
to using the PCMCIA port on the OR-M, except you must do the following: 

• Configure the ISDN switch type as a global parameter 


• Set the SPID on the port 

• Do not set the port speed, flow control, or modem control 

• Use a V.25bis dialing script in the Location Table setup 


For more information about ISDN connections, see Chapter 18, 'ISDN Connections" 
and for information about V.25bis dialing scripts, see Chapter 9, Configuring Dial-Out 

Locations." 
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Connecting Your Office to the Internet 


is chapter describes how to configure the PortMaster to establish a continuous 
connechon to an Internet Service Provider (ISP). This creates a gateway from your 

1C6 p t0 Internet usin § a dial -out connection through one of the serial ports on 
your PortMaster. Internet connections can also be set for on-demand operatfon For 
e information about on-demand connections, refer to Chapter 9, "Configuring Dial- 
Out Locations and Chapter 11, "Connecting a Branch Office to the Main Office." 


The following topics are discussed: 

Overview of establishing continuous connections 
Setting a dial out Internet connection using a modem port 
Setting a hardwired connection to the Internet using a modem port 
• Setting packet filtering 


Overview of the Continuous Internet Configuration 


anothe^ C ° nnectlons fr ° m serial P° rt s are used to establish a constant link with 
chant rrr er 3 UP telephone line ' In the configurations described in this 
Inte P t J 6 ^ aSte ; 18 C ° nfigUred for a continuous dial-up connection with an 
nternet Service Provider (ISP) using dial-up or dedicated lines. Figure 12-1 shows an 
example of this configuration. 8 Snows an 
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Internet Service Provider 

Figure 12-1 Continuous Internet Connection 

Description of the Example Configuration 

The example described in this chapter connects a PortMaster located in an office with 
an Internet Service Provider (ISP). If you use a continuous dial-out link from the SI 
serial port, one Location Table entry is needed for the ISP If you use a network 
hardwired port, no entries are needed in the Location Table. 

A continuous dial-out connection starts as soon as the PortMaster boots and is redialed 
whenever the telephone connection is dropped. The network hardwired configura ion 
is typically used if you are using a leased analog line or an asynchronous to 
synchronous converter. Both of these configurations are described in this chapter. For 
this example, IPX packets are not transmitted to or from the Internet Service Provider. 
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Connecting Your Office to the Internet 


he connection to the ISP can also be configured for dial on-demand operation, as 
described in Chapter 11, "Connecting a Branch Office to the Main Office." However 
dial on-demand ISP connections do not allow Internet users access to your site when 
the dial-up connection is not established. 

throughl^ 0 ^ C ° nneCti ° nS Usin § synchronous ports are described in Chapters 15 


The examples shown use the variables listed in Table 12-1. Change these values to 
reflect your network. ° 

Table 12-1 Example Configuration Variables 


Variable Description 


Name of router in office 
IP address of router in office 
Network type and number 
Timeout for hang up 
Network protocol 
IP address of the ISP 
Name of the ISP 


Value for this Example 


office 

192.168.200.1 
Class C 192.168.200.0 
0 minutes (never hang up) 
PPP 

192.168.5.6 

isp 


Configuring the Hardware 


o install the hardware for this configuration, follow these steps and the instructions in 
the Hardware Installation Guide for your PortMaster. If you need additional help, refer to 
the Troubleshooting" chapter of your Hardware Installation Guide. 

1. Unpack the PortMaster. 

2 - Er^Zup^:iy" e,w ° rk ,o ,he E,hemet port >nd ,he * 

3. Connect the power cable. 

4. Connect a modem to the serial port you are using for this configuration. 


Configuring the Hardware 
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5. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

6. Turn on the power switch. 

The PortMaster performs power on self diagnostics. The self diagnostics are 
displayed on the console if the console DIP switch is UP. 

7. Type '.root at the login: prompt, then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

8. Press [Return] at the password prompt. 

9. Set the IP address of the new PortMaster by typing: 

Command> set etherO address 192.168.200.1 

In this example, 192.168.200.1 is the IP address of the PortMaster. A message is 
displayed with the new IP address. 

10. Set the netmask and broadcast values if necessary. 

11. Save the address in the nonvolatile memory of the PortMaster by typing. 


Coiranand> save all 


12 If vou are using PMconsole to configure your PortMaster, instead of the 
’ command line interface, exit the command line interface by typing: 


Command> quit 


Configuring the Software on the PortMaster 


In order to use PMconsole to configure the PortMaster, you must install the software 
on a UNIX workstation or a Microsoft Windows-compatible computer. Once the 
software is installed and started according to the instructions in the appropriate 
Administrator's Guide, proceed with the configuration. You can also configure t e 
PortMaster from the console using the command line interface, or using administrative 
telnet once the PortMaster address is set. 
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Setting Global Parameters 


Set th nL ame ° f , the , SySt6m t0 //office " usin § the S y stem Name parameter, 
using PMconsole, this parameter is found in the SNMP Window. Refer to 
Administrator s Guide for more information. 


If you are 
your 


Set the Default IP Gateway parameter to the address of your ISP's router. 

For this configuration, none of the other global parameters need to be set. However 
you may want to define some of these parameters for your installation. 

Setting the Ethernet Port Parameters 


Set the following Ethernet parameters to the values shown in Table 12-2. 


Table 12-2 Ethernet Port Parameter Values 


Parameter 

Value 

Protocol 

IP 

IP Address 

192.168.200.1 

Netmask 

255.255.255.0 

Broadcast Address 

high (192.168.200.255) 

Routing 

On (Broadcast and Listen) 

Ethernet 

Enabled 


the EtherneHnterface."" E,her " e ' P ° r ' parame,eK ' refer ,0 Cha F*“ 5 - "Configuring 


Setting the Serial Port Parameters for Dial-Out 


For continuous dial out on 
shown in Table 12-3. 


a serial port, configure the port parameters with the values 


Table 12-3 Serial Port Parameter Values for Continuous Dial Out 


Parameter 

Value 

Port Type 

Network 

Network Type 

Dial Out 
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Table 12-3 Serial Port Parameter Values for Continuous Dial Out (Continued) 


Parameter 

Value 

Speed 1 

Use 57600 for V.32bis modems and 115200 for V.34 
modems, unless your modem manual instructs 
otherwise. 

Speed 2 

Same as speed 1 

Speed 3 

Same as speed 1 

Modem Control 

On 

Flow Control 

RTS/CTS 

Dial Group 

1 


All the other parameters should be left with their default values. For more information 
about the asynchronous ports and configuring modems, refer to Chapter 6, 
"Configuring an Asynchronous Port." 


Setting the Serial Port Parameters for a Hardwired Connection 

To establish a hardwired connection on a serial port, configure the port parameters 
with the values shown in Table 12-4. 

Table 12-4 Serial Port Parameter Values for a Hardwired Port 


Parameter 

Value 

Port Type 

Network 

Network Type 

Hardwired 

Protocol 

PPP 

MTU 

1500 

Speed 1 

Use 115200 if the attached device supports this speed. 
Otherwise, use the speed suggested by the device 


manual. 

Modem Control 

On (If using a modem or CSU/DSU.) 

Off (If using a direct physical connection.) 

Flow Control 

RTS/CTS 
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Table 12-4 Serial Port Parameter Values for a Hardwired Port (Continued) 


Parameter 

Value 

IP Destination 

192.168.5.6 

Netmask 

255.255.255.0 for a Class C address 

Routing 

Typically Off; however, your ISP may request that you 
set this parameter to Broadcast. 

Compression 

Enabled 


All the other parameters should be left with their default values. For more information 
about asynchronous ports, refer to Chapter 6, "Configuring an Asynchronous Port." 


Defining a Dial-Out Location 


If you are using a continuous dial-out link, a location entry on the PortMaster must be 
created for the location identified as isp. This allows the PortMaster to establish a 
nnechon with the Internet Service Provider as soon as it is booted. The new location 
isp should be configured with the parameter values shown in Table 12-5 or as 
instructed by your ISP. 


Table 12-5 Location Table Parameter Values for Location isp 


Parameter 

Value 

Location Name 

isp 

Type 

Manual (The location is set for manual dialing until 
after the configuration has been tested. Once the 
configuration is verified, change the Type to 

Continuous.) 

Protocol 

PPP 

IP Destination 

Specified 192.168.5.6 

Netmask 

255.255.255.0 

Routing 

Typically Off; however, your ISP may request that you 
set this parameter to Broadcast. 

MTU 

1500 

Compression 

On (If you are not using multi-line load-balancing ) 


Configuring the Software on the PortMaster 
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Connecting Your Office to the Internet 


Table 12-5 Location Table Parameter Values for Location isp (Continued) 


Parameter 
Input Filter 
Output Filter 
Idle Timeout 
Maximum Ports 
High Water Mark 
Dial Group 
Send and Expect Pairs 


Value ____ 

internet.in 

internet.out (if needed) 

0 

1 (If you are not using multi-line load-balancing.) 
0 (If you are not using multi-line load-balancing.) 
1 

Send: ATDT5551212\r 
Expect: CONNECT 
Send:\r 
Expect: ogin: 

Send: office\r 
Expect: ssword: 

Send: passwd\r 



Note - The strings you send following the login: and password: prompts must be 
provided to you by your ISP. Your chat script may differ from this example depending 

on your ISP. 


You can also authenticate using CHAP if it is supported by the ISP To use CHAP 
authentication, use only the first Send and Expect string m the chat script shown 
above. You must also create a user called "isp" with the password passwd For more 
information about configuring users, refer to Chapter 8, "Configuring; Dial-In Users 
For more information about configuring Location Table parameters, refer to Chapter 9, 
"Configuring Dial-Out Locations.' 


After the configuration is entered and saved, the port should be reset to make the new 
settings active. 
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Testing the Continuous Dial-Out Setup 


The configuration should be tested before the location i: 
To test the configuration, follow these steps: 

1. Use the Dialer to connect to the ISP. 


isp is set for continuous dialing. 


Select Dialer from the PMconsole View menu. Set the Watch Dialer parameter to 
Yes. If you are using the command line interface, type: dial isp -x 

2. Monitor the dial and connect sequence between the two locations. 




Contact your ISP if you are unable to connect as expected. They may be able to 


provide additional information. 


/\ Not . e You ma T need to S et specific dial script examples from the ISP before 
configuring the location. 

Testing the Network Hardwired Setup 


To test the configuration, follow these steps: 

1. Reset the newly configured serial port. 

The network hardwired connection should be established within a few seconds. 

2. Verify that the connection becomes ESTABLISHED. 

Use the show si command (if you are using port si). 

3. If there is a problem, check your configuration. 

Contact your ISP if you are unable to connect as expected. 


Testing the Continuous Dial-Out Setup 
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Setting Network Filtering 


Your connection to the Internet can be vulnerable to attack from other Internet use . 
Therefore, it is recommended that you add an input filter to the location isp for the 
continuous dial-out connection. For a hardwired connection, the input filter can be 
attached to the hardwired port. 



Note - This section describes an example filter that may not protect your network from 
all forms of attack. For more information about filters, refer to "References an 
Chapter 10, "Configuring Filters." 


The filter named internet.in is written as follows: 


deny 192.168.200.0/24 0.0.0.0/0 log 
permit tcp estab 

permit 0.0.0.0/0 mail.edu.com/32 tcp dst eq smtp 

permit 0.0.0.0/0 ftp.edu.com/32 tcp dst eq ftp 

permit 0.0.0.0/0 www.edu.com/32 tcp dst eq www-http 

permit tcp src eq ftp-data dst gt 1023 

permit udp dst eq domain 

permit tcp dst eq domain 

permit icmp 


Table 12-6 describes the filter. 

Table 12-6 Description of Internet Filter 


Rule 

Description - 

i 

Deny any incoming packets claiming to be from your own network 
(192.168.200.0). This blocks IP spoofing attacks and logs the attempt. 

2 

Permits already established TCP connections. 

3 

Permits SMTP connections to the mail server mail.edu.com. 

4 

Permits FTP to the host ftp.edu.com. 

5 

Permits WWW http connections to the web server www.edu.com. 

6 

Permits FTP data channel. 
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Table 12-6 Description of Internet Filter (Continued) 


Rule 


Description 


Permits Domain Name Service. 

Permits Domain Name Service zone transfers. (You may wish to 
restrict this rule to allow only connections to your name servers.) 
Permits ICMP packets. 


If your Domain Name Server is outside your local network refer to "Domain kt 
Server is Outside Your Local Net" on page 10-16. Name 


Using ISDN for Internet Connections 


Using the ISDN BRI port on the PortMaster Office Router-ISDN in R in ,v • •, 
■o “ Si "8 «■ PCMCIA port on Ihe OR-M, except 

Configure the ISDN switch type as a global parameter 
• Set the SPID on the port 


Do not set the port speed, flow control, or modem control 
Use a V.25bis dialing script in the Location Table setup 


For more information about ISDN connections, see Chapter 18 
and for information about V.25bis dialing scripts, see Chapter 9 
Locations." r ' 


"ISDN Connections" 
"Configuring Dial-Out 


Using ISDN for Internet Connections 
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Configuring User Dial-In Access 13 


This chapter describes how to use the PortMaster to allow users access to centralized 
osts and networks. This application is used by Internet Service Providers, academic 
environments, and corporate telecommuters. In this configuration multiple 
asynchronous ports are configured with modems for answering incoming calls from 
users who will then access a networked host connected via Ethernet to the PortMaster. 

The following topics are described: 

• Overview of the login user configuration 
Description of hardware configuration 

Description of an example software configuration on the PortMaster 


Overview of Dial-In User Configuration 


The PortMaster configuration described in this example allows up to seven 30 port 

The PortM 8 ° connected together to provide up to 210 dial-in asynchronous ports. 
The PortMaster communications server allows dial-in users to access a host for shell 
accounts and/or PPP, SLIP, or CSLIP connections. Internet Service Providers can use 

uslrTvn^ t0 ;j 0nfl f Ure their ^Masters to allow host and network access by dial-in 
sers. The number of ports used is a function of the number of expected subscribers- 

nort P b MV 60 SUbSCrib f FS is the ^ca 1 ratio, but peak usage and average usage per 
p should be monitored closely to determine the need for additional ports. RADIUS 

JZe WoIa«on y0 “ '° eVa ' Ua,e PO " ** ' he MDWS M ^ator'e Guide 

The same application can be used by companies to allow remote users access to their 
own accounts on the corporate network. Once users are authenticated they can access 
network resources as if they were connected to the corporate network directly. 

Although this example uses seven PortMasters, many more can be used. With more 
than seven PortMasters, the configuration is the same except that the assigned pools 
would be arranged differently. 8 P 
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Dial-in 

Connection 



UNIX or Other Host 


Figure 13-1 Login User Configuration 



Description of Sample Configuration 

The Internet Service Provider example described in this chapter usesthevaiuessh^n 


in 


Table 13-1. Change variable values to actual values that reflect your 


network. 


Table 13-1 Example Configuration Variables 


Variable Description 

Value for this Example 

Address type 

Class C assigned by your provider 

Class C IP network 

192.168.1.0 

IP address and name of router connecting 
to the Internet 

192.168.1.1 (gw.edu.com) 

IP address and name of host running 

192.168.1.2 (rk2.edu.com) 

RADIUS 
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Configuring User Dial-In Access 


Table 13-1 Example Configuration Variables (Continued) 


Variable Description 

Value for this Example 

IP address and name of host running DNS 

IP address of RADIUS accounting server 

IP address of RADIUS backup accounting 
server 

192.168.1.2 (rk2.edu.com) 

192.168.1.2 (rk2.edu.com) 

192.168.1.3 (rk3.edu.com) (Optional) 

IP address of host running backup RADIUS 

IP address of host that shell users log into 

IP addresses reserved for future hosts 

IP address and name of first PortMaster 

IP addresses and names for additional 
PortMasters 

Reserved pool of assigned addresses for 
PortMaster 1 

192.168.1.3 (rk3.edu.com) (Optional) 

192.168.1.4 (rk4.edu.com) (Optional) 

192.168.1.5-15, 23-32 

192.168.1.16 (pml.edu.com) 

192.168.1.17-22 (pm2.edu.com 
through pm7.edu.com) 

192.168.1.33-62 

Reserved pool of assigned addresses for 
PortMaster 2 

192.168.1.65-94 

Reserved pool of assigned addresses for 
PortMaster 3. Continue until PortMaster 7. 

192.168.1.97-126 

Reserved pool of assigned addresses for 
PortMaster 7 

192.168.1.225-254 


You can set the assigned pools a little closer together as long as they do not overlap 
however, having the pools fall within bit boundaries makes packet filters easier to 



Note This example assumes you are using a PM-2E-30 PortMaster. If 
PM-25, the assigned pools can be moved closer together. 


you are using a 
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Configuring the Hardware 


To install the hardware for this configuration, follow these steps and the instructions in 
L Hardware Installation Guide for your PortMaster. If you need additional help, refer to 
the "Troubleshooting" chapter of your Hardware Installation Guide. 

1. Unpack the PortMaster. 

2. Connect your local Ethernet network to the Ethernet port and set the network 
selection DIP switches appropriately. 

3. Connect the power cable. 

4. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

Refer to the Hardware Installation Guide for your PortMaster for more information 
about connecting and configuring a terminal. 

5. Turn on the power switch. 

The PortMaster performs power on self diagnostics as it boots. The self diagnostics 
are displayed to the console if the console DIP switch is UP. Booting takes less than 

one minute. 

6. Press [Return] on the console. 

The PortMaster login prompt is displayed. 

7. Type [root then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

8. Press [Return] at the password prompt. 

9. Set the IP address of the new PortMaster by typing: 


Convmand> set address 192.168.1.16 


In this example, 192.168.1.16 is the IP address of the first PortMaster 
(pml.edu.com). A confirmation message is displayed showing the new IP address. 

10. Set the netmask if it is not 24 bits and set the gateway if you need to assign a 
default gateway. 
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11 . Save the address in the nonvolatile memory of the PortMaster by typing: 


Command> save all 

-—- 

12. Exit the command mode by typing: 


Command> quit 



13. Connect you, modems to the serial ports using straight-through modem cables. 

U «b™T ' ha ' rjT ble °! 28 ' 8KbpS are best but V32bis tat run a, 

14.4Kbps also work. Modems slower than 14.4Kbps work but are not 

recommended for network users. 

14 ‘ faSte " ed - there is enough 


Configuring the Software on the PortMaster 


In order to use the PMconsole graphical user interface to configure the PortMaster you 
must install the software on a UNIX workstation or a Microsoft Windows-compatible 
compute. Once the software is installed and started according to the instructions in 
the appropriate Administrator's Guide, proceed with the configuration. You can also 
configure the PortMaster from the console using the command line interface or using 
administrative telnet once the PortMaster address is set. 8 

The UMX version of PMconsole includes the pmcommand utility that allows you to 
ne a command script and upload the script to the PortMaster. This utility is useful 
when you are performing the same configuration on multiple PortMasters. 



Note - This example describes how to configure the first PortMaster pml.edu.com. Use 
a similar configuration for the remaining PortMasters. 


Configuring the Software on the PortMaster 
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Setting the Global Parameters 

Set the following global parameters to the values shown in Table 13-2, 


Table 13-2 Global Parameter Values 


Parameter 

Value 


Default Host 

192.168.1.4 


Alternate Host 

any other shell host, if available 


IP Gateway 

192.168.1.1 


Default Route 

Broadcast and Listen 


Name Service 

DNS 


Name Server 

192.168.1.2 


Domain 

edu.com 


Sysname 

pml 


Loghost 

192.168.1.2 


Assigned Address 

192.168.1.33 



For more information about global parameters, refer to Chapter 4, "Configuring a 
PortMaster." 


Setting the RADIUS Parameters 


RADIUS is usually implemented for user authentication when there are multiple 
PortMasters and more than a few dozen users. Only a few hundred users cane 
configured in the User Table and stored in the nonvolatile memory of the PortMaster. 
This example assumes the use of RADIUS. 

The RADIUS parameters are given in Table 13-3, however for information about 
RADIUS and its parameters, refer to the RADIUS Administrator s Gut tor 

ftp:/ /ftp.livingston.com/pub/livingston/radius/radius.mstal . 
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Table 13-3 RADIUS Parameter Values 


Parameter 

Value - 

Secret 

Authentication Server 

anyvalue (Must be the same secret for pml.edu.com in 
the /etc/raddb/clients file on the RADIUS server.) 
192.168.1.2 

Alternate 

Authentication Server 

l 9 ^ 8 :™ (°P tional ) This server must have an identical 
RADIUS database. 

Accounting Server 

192.168.1.2 

Alternate Accounting 
Server 

192.168.1.3 (optional) This must be another RADIUS 
server. 

ng the Ethernet Port Parameters 

Set the following Ethernet 

parameters to the values shown in Table 13-4. 

Table 13-4 Ethernet Parameter Values 

Parameter 

Value 

IP Address 

192.168.1.16 

Netmask 

255.255.255.0 

Broadcast Address 

high (192.168.200.255) 

Routing 

On (Broadcast and Listen) 

Ethernet 

Enabled 

---— 1 


EthernetInterface/' 0 " °" E ' hemet Parame ' erS ' ^ to Cha P te 5 - "Configuring the 
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Setting the Asynchronous Port Parameters 


The serial modem ports are designated SO through S29 on the PortMaster If Y° u 
usine PMconsole, you can configure one port and clone the configuration to the other 
serial ports. If you are using the command line interface, use the set all comman o 
seUhe slme vlhies for each of the serial ports. The port parameters shown in 
Table 13-5 can be set on all asynchronous ports. Use the Modem Table described in 
Chapter 6 "Configuring an Asynchronous Port" to configure the attached modems or 
2 each port2 a host device as described in Chapter 14 , "Configunng the PortMaster 
to Access Shared Devices" and configure each modem individually. 



<Jote - V.34 modems should lock the DTE rate at 115200 bps unless the modem manual 
instructs otherwise. V.32bis modems should lock the DTE rate at 57600 bps. se 
fastest DTE interface speed supported by your modem. 


A list of modems and their initalization strings is found in Table 6-6 on page 6-14. The 
recommended configuration has the modem do the following: 

• Raise carrier when a call comes in 

• Reset itself when DTR is dropped 


• Lock the DTE rate 

• Use hardware flow control (RTS/CTS) 


If vou have already configured your modems on another machine, you should connect 
to the modemlough the PortMaster and se. the modem back to the factory default. 
Then use the recommended modem string to properly configure each modem. 


Table 13-5 Serial Port Parameter Values for All Ports 


Parameter 

Value 


Port Type 

Login Network 


Network Type 

Dial In 


Security 

On 


j Modem Type 

(set to your modem type) 

_____ 
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Table 13-5 Serial Port Parameter Values for All Ports (Continued) 


Parameter 

Value 

The following five parameters are set by the Modem Table when you reset the port 
provided the port has its default setting. y P ' 

Speed 1 

Use 57600 for V.32bis modems and 115200 for V.34 
modems, unless your modem manual instructs 
otherwise 

Speed 2 

Same as speed 1 

Speed 3 

Same as speed 1 

Modem Control 

On 

Flow Control 

RTS/CTS 

--—__ 1 


Once all of the ports are configured as shown above, save and reset all of the ports. 

Defining a Dial-In Login User 



Note - The instructions in this section are only used if you are not usine RADIUS and 

you are not using pass-through logins. not using KADI US and 

A user account must be set up on the PortMaster for each authorized user Each new 
user userl should be configured with the parameter values shown in Table 13-6. 

Table 13-6 User Table Parameter Values for userl 


Parameter 

Value 

User Name 

userl 

Password 

passwd 

User Type 

Login/Normal 

Host 

Default 

Login Service 

PortMaster (if the in.pmd daemon is running on the 
default host, otherwise select "rlogin") 


For more information about configuring User Table parameters, refer to Chapter 8 
Configuring Dial-In Users." p ' 
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Defining a Dial-In Network User 



Note - The instructions in this section are only used if you are not using RADIUS. 


A user account must be set up on 
Each new user user2 should be co 
Table 13-6. 


the PortMaster for each authorized network user, 
nfigured with the parameter values shown in 


Table 13-7 User Table Parameter Values for user2 


Parameter 

Value 


User Name 

user2 


Password 

passwd (any) 


User Type 

Network/Normal 


Protocol 

PPP/IP 


Address Type 

Assigned 


Compression 

On 


Routing 

Off 



You can also use SLIP or CSLIP instead of PPP, refer to Chapter 8, “Configuring Dial-In 
Users" for more information about this configuration. 
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Configuring the PortMaster to Access 

Shared Devices 14 


This chapte' describes how to use the PortMaster to connect from networked hosts to 
shared devtces connected to the PortMaster. This type of connection is designed to 
allow access to modems, printers, and other RS-232 devices. 


The following topics are described: 

Overview of shared device configurations 
Description of hardware configuration 
Description of general software configuration 

Description of the specific software configurations for each application 
• Testing the configuration 


Overview of Shared Device Configurations 


There are two' Methods of accessing shared devices on the PortMaster. The first method 
requires a UNIX host that supports the PortMaster in. pmd daemon. With this daemon 

us^rruil r7 P TT h ° St 1 deViceS and access them ^ pseudo-tty from the host ' 
using tip, UUCP, and other applications. 

Alternatively, you can configure the ports as network devices and access them using 
telnet, rlogin, or a clear channel TCP connection (netdata). 

Host Device Configuration 

One of the functions of a communications server is to provide network users access to 
shared devices such as printers and modems. This can be done if the port connected to 

I 0 " m ° d <™ * configured as a host device port. This configuration is also 
useful for tip and UUCP services. 

Once a port is defined as a host device, the device service is configured as PortMaster 
and a pseudo-tty is chosen for the port. The host device port can now be accessed by' 
establishing a pseudo-tty connection to the port from a UNIX host with the PortMaster 
daemon software installed. In this case, the port operates as a host-controlled device. 
Figure 14-1 shows a diagram of the host device configuration using the PortMaster 
device service and a pseudo-tty connection. 


Overview of Shared Device Configurations 
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Configuring the PortMaster to Access Shared Devices 


Once the port type is set as host device, the device service must be selected and the 
host name entered either for the port, or as the global default host. Hthe: device.service 
is set to PortMaster for pseudo-tty operation, a host name and pseudo-tty must be 
specified. The PortMaster in.pmd daemon must be installed on the specified host 
order to use the PortMaster device service. 



Figure 14-1 Host Device Configuration 

In this configuration, a workstation with in. pmd installed can access a printer attached 
to a PortMaster port as though it was attached to the workstation even if the printer 
on the other side of the country. 

Network Device Configuration 

This configuration sets the port for host device access but uses the rlogin telnet, or 
netdata device service to access the attached device. In this configuration the host 
device name is set as /dev/network. This configuration is used in cases where users 
want to telnet or rlogin to the shared device from multiple hosts or from a host t 
does not support in.pmd. Figure 14-2 shows an example of the network device 

configuration. 

The network user configuration is most commonly used to allow a telnet session with 
the device attached to a specified PortMaster port. The example in this chapter sets 
ports for network access so the administrator can telnet to each modem connected to a 
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Configuring the PortMaster to Access Shared Devices 


PortMaster port for configuration purposes. In this application, each port is identified 
by a unique port number assigned during the configuration process. You can also 
configure a pool of ports at a single TCP port number. 

The netdata (TCP clear) device service is most often used when you want to have a 

custom application open a TCP connection to an RS-232 device, or to connect two serial 
devices across a network. 
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Figure 14-2 Network Device Configuration 

Description of Sample Configuration 

The example described in this chapter allows a user to dial into port S2 on the 
PortMaster to login to a workstation, and access a serial printer attached to port S9, as 
/dev/ttyre, using the PortMaster device service. The workstation user would also 
like to access port S2 as /dev/ttyrf when it is not being used for login service. 

The modem attached to port S2 is connected with a straight-through cable and uses 
hardware flow control and carrier detect. The DTE rate between the modem and the 
PortMaster is locked. 


Description of Sample Configuration 
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Configuring the PortMaster to Access Shared Devices 


In order to use the PortMaster login or device service, the workstation user must install 
the PortMaster daemon, in.pmd in the /usr/etc directory and modify the 
/etc/services and /etc/inetd.conf files to tell the workstation where to find 
in.pmd. You must also add /dev/ttyrf to the /etc/remote file and /dev/ttyre 
to the /etc/printcap file. 

Change the variable values shown in Table 14-1 to actual values that reflect your 
network. 


Table 14-1 Example Configuration Variables 


Variable Description 

Value for this Example 

Name of PortMaster 

pm 

IP address of PortMaster 

192.168.200.1 

Default Host 

192.168.200.2 (the workstation) 

Speed of modem 

28800 bps (DTE rate 115200 bps) 

Host device on S2 (modem) 

/dev/ttyrf 

Host device on S9 (printer) 

/dev/ttyre 

Speed of printer 

9600 baud 


Configuring the Hardware 

To install the hardware for this configuration, follow these steps and the instructions in 
the Hardware Installation Guide for your PortMaster. If you need additional help, refer to 
the "Troubleshooting" chapter of your Hardware Installation Guide. 

1. Unpack the PortMaster. 

2. Connect your local Ethernet network to the Ethernet port and set the network 
selection DIP switch(es) appropriately. 

3. Connect the power cable. 

4. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

Refer to the Hardware Installation Guide for your PortMaster for more information 
about connecting and configuring a terminal. 
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Configuring the PortMaster to Access Shared Devices 


5. Turn on the power switch. 

The PortMaster performs power on self diagnostics. The self diagnostics are 
displayed to the console if the console DIP switch is UP. 

6. Press [Return] on the console. 

The PortMaster login prompt is displayed. 

7. Type Iroot then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

8. Press [Return] at the password prompt. 

9. Set the IP address of the new PortMaster by typing: 

Command> set etherO address 192 . 168 . 200.1 

In this example, 192.168.200.1 is the IP address of the PortMaster. A confirmation 
message is displayed showing the new IP address. 

10. Save the address in the nonvolatile memory of the PortMaster by typing: 
Command> save all 

11. Exit the command mode by typing: 

Command> quit 

12. Attach the modem to port S2 with a straight-through cable. 

13. Attach the printer to port S9 with a null modem cable if the printer is a DTE 
device. 

Pinouts for both cables are given in the Hardware Installation Guide. 


Configuring the Hardware 
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Configuring the Software for Shared Device Applications 

In order to use the PMconsole graphical user interface to configure the PortMaster, you 
must install the software on a UNIX workstation or a Microsoft Windows-compatible 
PC. Once the software is installed and started according to the instructions m the 
appropriate Administrator’s Guide, proceed with the configuration. You can also 
configure the PortMaster from the console using the command line interface, or using 
telnet once the PortMaster address is set. 

Setting the Global Parameters 

Set the name of the system to pm using the System Name parameter. If you are using 
PMconsole, the parameter is found in the SNMP window. Refer to your Administrator s 
Guide for more information. Set the Default Host parameter to 192.168.200.2 using the 
Global Parameter window. You can also set the host for ports S2 and S9 to 192.168.200.2 
if you plan to use the other ports for some other host. Set other global parameters that 
apply to your installation. 

Setting the Ethernet Port Parameters 

Set the following Ethernet parameters to the values shown in Table 14-2. 


Table 14-2 Ethernet Parameter Values 


Parameter 

Value 

Protocol 

ppp/ip 

IP Address 

192.168.200.1 

Netmask 

255.255.255.0 

Broadcast Address 

high (192.168.200.255) 

Ethernet 

Enabled 


For more information on Ethernet parameters, refer to Chapter 5, "Configuring the 
Ethernet Interface." 
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Setting the Two Way Serial Port (S2) Parameters 

In our example, the workstation user wants to dial in to port S2 sometimes and tip out 
to the modem connected to port S2 at other times. Configure the S2 port parameters 
with the values shown in Table 14-3. 

Table 14-3 Serial Port Parameter Values (S2) 


Parameter 

Value 

Port Type 

User Login and Host Device (or twoway for command 
line) 

Host Device 

/dev/ttyrf 

Speed 1 

Use 57600 for V.32bis modems and 115200 for V.34 
modems, unless your modem manual instructs 
otherwise. 

Speed 2 

Same as speed 1 

Speed 3 

Same as speed 1 

Modem Control 

On 

Flow Control 

RTS/CTS 

Host 

Default (or 192.168.200.2) 

Security 

Off (if Security is On, you must configure the User Table 
or RADIUS) 

Login Service 

PortMaster 

Device Service 

PortMaster 


All the other parameters should be left at their default values. Once all of the ports are 
configured as shown above, save and reset all of the ports. For more information about 
asynchronous ports, refer to Chapter 6, "Configuring an Asynchronous Port." 


Configuring the Software for Shared Device Applications 
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Setting the Serial Printer Port (S9) Parameters 

In our example, a serial printer is connected to port S9. Configure the S9 port 
parameters with the values shown in Table 14-4. If the printer is a DTE use a null 
modem cable to connect to the port. 

Table 14-4 Serial Port Parameter Values (S9) 


Parameter 

Value 

Port Type 

Host Device 

Host Device 

/dev/ttyre 

Speed 1 

9600 

Speed 2 

Same as speed 1 

Speed 3 

Same as speed 1 

Modem Control 

On 

Flow Control 

Xon/Xoff 

Host 

Default (or 192.168.200.2) 

Device Service 

PortMaster 

Once all of the ports are configured as shown above, save and reset all of the ports. The 
workstation printer subsystem should now be able to send printer jobs to /dev/1tyre 
and reach the printer. 


Setting the Parallel Port (PO) Parameters 

The parallel port PO can be used to access a printer. To configure the PO port for a 
printer, use the values shown in Table 14-5. 

Table 14-5 Parallel Port Parameter Values (PO) 


Parameter 

Value 

Port Type 

Host Device 

Host Device 

/dev/ttyre 
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Table 14-5 Parallel Port Parameter Values (PO) (Continued) 


Parameter 

Host 

Device Service 


Value 


Default (or 192.168.200.2) 
PortMaster 


Configuring a Network Device for Telnet Access 

To access modems or other devices attached to PortMaster ports using telnet, use the 
fabkli-T nfl§Uratl0n Chapter but use the Parameters shown in 


Table 14-6 Serial Port Values to Allow a Telnet Connection to Ports S0-S29 


Parameter 

Value 

Port Type 

Host Device 

Host Device 

/ dev/network 

Modem Control 

Off 

Device Service 

Telnet 6000 through 6029 for ports SO through S29 


To access port SI using telnet from your host, type: 


% telnet pml 6001 


Where pml is the host name of the PortMaster you are accessing and 6001 is the TCP 
port set for the port you are accessing. You can also set several ports to the same TCP 
port to create a pool of ports available for telnet access. 



Note If you are using this configuration to configure your modems, see "Configuring 
Modems and Modem Parameters" on page 6-13 first. ° ® 


Configuring a Network Device for Telnet Access 
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Synchronous Leased Line Connections 



The following topics are described: 

Overview of the leased line configuration 

• Description of hardware configuration 

• Description of the software configuration for a leased line 

• Testing the configuration 


Overview of the Leased Line Configuration 

PortMasters support leased line connections using synchronous nnrtc an H ppd 


inrormation on network numbers and subnetting 
page 2-1. 



e u i uirrerenr locations, ror more 
see "Network Addressing" on 


Overview of the Leased Line Configuration 
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Synchronous Leased Line Connections 


Description of Sample Configuration 

Th e example described in this chapter connects a PortMaster router located in one 
o free with a PortMaster router located in another office using a dedicated leased line 

r p h fi e p !. a " ab eS f S * 0W " in Tahle 15A are used in this example. Change variable values to 
reflect the actual values for your network. 

Table 15-1 Example Configuration Variables for Leased Line Connections 


Variable Description 


Name of router in officel 
IP address of router in officel 
Netmask 
Gateway 

IPX network of router in officel 
IPX Frame Type 


Value for this Example 

officel 

192.168.200.1 
255.255.255.0 

192.168.1.1 
000000F1 

IEEE 802.2 on Ethernet 


Name of router in office2 
IP address of router in office2 
Netmask 


office2 

192.168.1.1 

255.255.255.0 


IPX network of serial link 


000000F3 


Configuring the Hardware 


To install the hardware for this configuration, follow these steps and the instructions in 
the Hardware Installation Guide for your PortMaster. If you need additional help, refer to 
the Troubleshooting" chapter of your Hardware Installation Guide. 

1. Unpack the PortMaster router. 

2. Connect your local Ethernet network to the Ethernet port and set the network 

selection DIP switch appropriately. network 

3. Connect the power cable. 


Description of Sample Configuration 
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4. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

Refer to the Hardware Installation Guide for your PortMaster for more information 
about connecting and configuring a terminal. 


5. Turn on the power switch. 

The PortMaster performs power on self diagnostics. The self diagnostics are 
displayed to the console if the console DIP switch is UP. 

6. Press [Return] on the console. 

The PortMaster login prompt is displayed. 


7. Type '.root then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

8. Press [Return] at the password prompt. 

9. Set the IP address of the new PortMaster by typing: 


Coinmand> set etherO address 192 . 168 . 200.1 

In this example, 192.168.200.1 is the IP address of the PortMaster. A confirmation 
message is displayed showing the new IP address. 

10. Set the netmask and broadcast values if necessary. 

11. Save the address in the nonvolatile memory of the PortMaster by typing. 


Command> save all 


12 . 


If you are using PMconsole to configure your PortMaster, instead of the 
command line interface, exit the command line interface by typing: 


Command> quit 
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Configuring the Software for a Leased Line Connection 

In order to use the PMconsole graphical user interface to configure the PortMaster vou 
must install the software on a UNIX workstation or a Microsoft Windows-compatible 
computer. Once the software is installed and started according to the instructions in 
e appropriate PMconsole Administrator's Guide, proceed with the configuration 

i^terfaT S T the PortMaster from the console using the command line 

terface, or using administrative telnet once the PortMaster IP address is set. 

In *e leased line configuration described in this section, the Ethernet address of the 
or aster is used as the address for the serial link and the CSU/DSU must provide 
externa clock or pass external clock from the carrier. Since the PortMaster always uses 

Sled w y ° U K n0t need t0 S6t the Speed ° n the s y nc hronous port, the port 
speed is whatever the carrier sends. If you choose to set a speed it is for documentation 
purposes only; the speed is ignored by the PortMaster. 



Note The PortMaster also supports numbered IP interfaces 
not recommended since it wastes IP address space. 


on leased lines, but this is 


Setting the Global Parameters 


Set the following global parameters to the values shown in Table 15-2. These values 
only apply to this example. Use values appropriate for your network. 

Table 15-2 Global Parameter Values 


Parameter 

Value 

IP Address 

192.168.200.1 

IP Gateway 

192.168.1.1 

Default Route 

Broadcast and Listen 

Name Service (optional) 

DNS 

Name Server (optional) 

192.168.200.2 

Sysname 

officel 


For more information about global parameters, refer to Chapter 4, "Configuring a 


Configuring the Software for a Leased Line Connection 
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Setting the Ethernet Interface Parameters 

Set the following Ethernet parameters to the values shown in Table 15-3. 
Table 15-3 Ethernet Parameter Values 


Parameter 

Value 


Protocol 

IP/IPX (or IP) 


IP Address 

192.168.200.1 


Netmask 

255.255.255.0 


IPX Network 

000000F1 (if you are using IPX) 


IPX Frame Type 

802.2 (if you are using IPX) 


Broadcast Address 

high (192.168.200.255) 


Routing 

On (Broadcast and Listen) 


Ethernet 

Enabled 

-- 


For more information on Ethernet parameters, refer to Chapter 5, "Configuring the 
Ethernet Interface." 


Setting the Synchronous Port Parameters for a Leased Line 
Connection 

Configure the WAN port parameters with the values shown in Table 15-4 for this 
example only. 

Table 15-4 WAN Port Parameter Values 


Parameter 

Value 

Port Type 

Network 

Network Type 

Hardwired 

Transport Protocol 

PPP 

Port IP address 

Unnumbered (0.0.0.0) 

IP Destination 

192.168.1.1 (or Negotiated) 

Netmask 

255.255.255.0 


15-6 


Configuration Guide for PortMaster Products—December 1995 































Synchronous Leased Line Connections 


Table 15-4 WAN Port Parameter Values (Continued) 


Parameter 

Value 

IPX Network 

000000F3 

Line Speed 

Speed is a comment only, the actual speed is set by the 


external clock 

Modem Control 

On or Off depending on the CSU/DSU configuration 

Routing 

On (Broadcast and Listen) 

1 MTU 

1500 


If you are not sure of the IP address on the other end of the connection, you can set the 
11 Destination parameter to Negotiated (255.255.255.255). 


All the other parameters should be left at their default values. For more information 
about synchronous ports, refer to Chapter 7, "Configuring a Synchronous WAN Port." 

Troubleshooting the Configuration 

Most synchronous configurations come up with very little trouble if you have 
configured the PortMaster using information from your carrier. However, if you are 
havmg problems use the information in this section to debug your configuration. 

If you are having trouble with a leased line connection, verify the following: 

• Use the following commands to view the PPP negotiation on port SI, if this is the 
port you are using: 


Command> set console 
Command> set debug 0x51 
Command> reset si 


For more information about the interpreting the results of the debug command 
refer to Interpreting LCP and IPCP Debug Output" on page 19-4. Once you have 
verified that the PPP negotiation is correct, type: 



Troubleshooting the Configuration 
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• The error counters should be 0 except for abort errors. If your counters are 
non-zero, there is a problem external to the PortMaster. 

• Verify that you are using the correct cable and it is attached securely to the correct 
port. Not all WAN ports are capable of the same speeds. 

• Verify that the DIP switch next to the synchronous port is set to V.35 for Livingston 
cables and that you are plugged into the correct V.35 interface on your CSU/DSU. 

• Verify that the CSU/DSU is providing clock to the PortMaster. The CSU/DSU can 
generate the clock or receive it from the carrier. 

• Verify that the CSU/DSU is configured properly. 

• If you have a Cisco router on the other end of your connection, it must be running 
software release 9.14(5) or later and use PPP encapsulation not hdlc. 

• If the framing errors are greater than 0, verify that the router on the other end of 
the connection is running the PPP protocol. 

• If you are still having problems, set the following: 


Command> set debug 0x51 
Command> set console 


Then set the CSU/DSU for local loopback. You should see the following message: 


LCP_APPARENT_LOOP 


For more information about the interpreting the results of the debug command, 
refer to "Interpreting LCP and IPCP Debug Output" on page 19-4. 

• If the local loopback works, take the CSU/DSU out of loopback and set line 
loopback on the remote CSU/DSU. You should see the same result. If you do not, 
the problem is either in the configuration of one of the CSU/DSU's or m the line 

itself. 

• When you have finished, turn off debugging by typing: 


Command> set debug 0 
Command> reset console 


• Contact your carrier to review your configuration and the status of their line. 
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This chapter describes how to 
using Frame Relay. 


use the PortMaster to connect to a synchronous line 


The following topics are described: 

Frame Relay terms 

Overview of the Frame Relay configuration 
Description of hardware configuration 
Description of the software configuration for Frame Relay 
• Testing the configuration 


Frame Relay Terms 


Frame Relay uses several special terms that have created a large amount of 
confusion because of the differences between Frame Relay and other traditional 
telecommunications methods. In this section, the technology behind Frame Relay is 

escribed briefly, and special terms which are defined in the glossary are highlighted in 

bold print. ° ° 

Frame Relay is a switched digital service, which supports multiple virtual circuits 
being simultaneously connected to a site by a single physical circuit. The principle is 
that a site connects via a physical circuit to a Frame Relay network or cloud Each site 
requires only one physical circuit into the cloud, but can have as many virtual circuits 
as necessary to reach any other sites attached to the cloud. It is possible for Frame 
Relay to support Switched Virtual Circuits (SVCs) or Permanent Virtual Circuits 
a CS ° Ut t ^ ie Port Master (and most communications providers) only support PVCs 
A PVC is used to connect any point A attached to the network to any other point B 
attached to the network. Each PVC is given a unique number on each physical circuit 
in the path from point A to point B. This number is called a DLCI (Data Link Channel 

entiner). The DLCI is automatically changed as it passes through each switch in the 
path to the number for the PVC on the next physical circuit in the path. Generally, the 
only two DLCI numbers the customer ever sees are the ones used on the physical' 
circuits at each end. Other numbers are usually kept internal to the 
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telecommunications provider. A DLCI is different from a network address in that it 
identifies a circuit in both directions, not a particular endpoint. That is, a frame 
contains only one DLCI, not a source and destination. 

The physical circuit between point A and the network must be ordered with a certain 
line speed This is the physical maximum bandwidth for your connection to the Frame 
Relay network. Expansion beyond this limit is not possible without a hardware change, 
and a new circuit installation. 

The connection into the telecommunications provider's Frame Relay network must be 
ordered at a particular port speed, which is the maximum bandwidth rate that the 
telecommunications provider accepts from your connection. This number must be less 
than or equal to the line speed. This speed is the maximum rate at which you can 
transmit data to any of your PVCs under any circumstances. The port speed differs 
from line speed only in that it can be upgraded through software without a circuit 
installation or hardware change. 

Each PVC has a property known as Committed Information Rate (CIR), which 
represents the guaranteed minimum bandwidth available to the particular PVC under 
all conditions. In some implementations, an additional property can be assigned to a 
PVC, known as "burst speed" or "maximum burst". This speed represents the highest 
rate at which data is allowed to flow over a given PVC regardless of bandwidth 
availability. 

The PortMaster pushes as much data out of the serial port as it can at port speed for 
any PVC that has traffic, regardless of CIR. The Frame Relay switch passes as much of 
the data as possible on to the next link. However, once a particular PVC has 
transmitted its CIR worth of bits each second, the switch marks any additional frames 
as "Discard Eligible". If the switch receives more frames than it can pass along, the 
frames are automatically discarded in the following order. 

• Frames that would be marked Discard Eligible even if they are forwarded 

• Frames received that were marked as Discard Eligible 

• If the switch must discard other frames, the behavior is undefined. In this case, the 
Frame Relay network is improperly configured because the CIR total exceeds the 
line speed or port speed. 

When ordering Frame Relay service for a private network, it is generally best to order 
large bandwidth physical circuits (Tl), with port speed appropriate to the application, 
and a CIR that is just barely high enough to provide minimally acceptable performance 
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for your application. Remember, in most cases you usually get close to your port 

speed. The CIR is a guaranteed minimum throughput, not a maximum limit Port 
speed is the maximum limit. 

The following Frame Relay terms relate to network management. The Frame Relav 
specification supports automatic network status updates, which are exchanged 
between adjacent devices in the Frame Relay network. These status updates are known 
as Local Management Interface (LMI). There are two forms of LMI available in the 
Portmaster. Cisco/Stratacom LMI, which is commonly referred to as LMI, and ANSI 
.617 Annex D LMI, which is commonly referred to as Annex-D. Generally your 
telecommunication 8 provider offers three options for LMI on your physical circuit: 

MI, Annex-D, or none. LMI is only between your router and the switch to which your 
physical circuit connects. Therefore, it does not matter what the remote ends of any of 
your PVCs are using. However, it is important that your circuit LMI matches the 
configuration on your PortMaster. Generally, Annex-D is recommended, since it is a 
more feature-rich and robust version of LMI. 


Overview of the Frame Relay Configuration 


Frame Relay is a method of encapsulating network information that allows for fast 
delivery and high line utilization. PortMasters support Frame Relay over synchronous 
ports. The PortMaster IRX supports speeds up to Tl/El on ports SI and S3. The IRX 
also supports speeds up to 64Kbps on ports S2 and S4. The PortMaster PM-2R series 
supports up to Tl/El speeds on the W1 port. 

Frame Relay is configured by selecting the Frame Relay protocol, setting the IP address 
o the port, and specifying the Data Link Connection Identifiers (DLCIs) during the 
synchronous port configuration. The PortMaster can also discover DLCIs dynamically 
ea T the I ^ ddresses of the other routers through inverse ARP if you use eithe/ 

• MI ° r Si®’ 0 keepahves and the other routers on your Frame Relay cloud support 
inverse ARP as specified in RFC 1490. Both LMI and Annex-D keepalives are ?P 

supported on PortMasters. In this configuration, the PortMaster sends an LMI status 
request every 10 seconds (default). Every sixth request is a full status request, the 
others are keepalives. In this configuration the port state is CONNECTING until it 
receives replies from the switch, then the port state becomes ESTABLISHED. After six 
unanswered requests, the PortMaster resets the port. Figure 16-1 shows an example of 
a Frame Relay connection. F 



Note - All synchronous ports require external clock to regulate the port speed. 
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Figure 16-1 Frame Relay Configuration 
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Description of Sample Configuration 

The example described in this chapter connects a PortMaster router located in one 
office with a PortMaster router located in another office using Frame Relay on a 
synchronous interface. The values shown in Table 16-1 are used in this example. 
Change values to reflect the actual values for your network. 

Table 16-1 Example Configuration Variables for Frame Relay Connections 


Variable Description 

Value for this Example 

Name of router in officel 

officel 

EtherO IP address of router in officel 

192.168.200.1 

EtherO Netmask 

255.255.255.0 

Gateway 

192.168.20.2 

Protocol for port SI in officel 

Frame Relay 

IP address for port SI in officel 

192.168.20.1 

Netmask for port SI in officel 

255.255.255.0 

DLCI list for port SI in officel 1 

16:192.168.20.2 

Annex-D for port SI in officel 

10 seconds (If used, DLCI list is 
optional); LMI is also available. 

Name of router in office2 

office2 

EtherO IP address of router in office2 

192.168.1.1 

EtherO Netmask 

255.255.255.0 

Protocol for port SI in office2 

Frame Relay 

IP address for port SI in offke2 

192.168.20.2 

Netmask for port SI in office2 

255.255.255.0 

DLCI list for port SI in office2 

16:192.168.20.1 

Annex-D for port SI in office2 

10 seconds (If used, DLCI list is 
optional); LMI is also available. 


L provided by your carrier (PVQ d ° n °* haW *° USe toe same number for their DL CI's. Use the DLCI's 


Description of Sample Configuration 
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Configuring the Hardware 

To install the hardware for this configuration, follow these steps and the instructions m 
the Hardware Installation Guide for your PortMaster. If you need additional help, refer to 
the "Troubleshooting" chapter of your Hardware Installation Guide. 

1. Unpack the PortMaster router. 

2. Connect your local Ethernet network to the Ethernet port and set the network 
selection DIP switches appropriately. 

3. Connect the power cable. 

4. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

Refer to the Hardware Installation Guide for your PortMaster for more information 
about connecting and configuring a terminal. 

5. Turn on the power switch. 

The PortMaster performs power on self diagnostics. The self diagnostics are 
displayed to the console if the console DIP switch is UP. 

6. Press [Return] on the console. 

The PortMaster login prompt is displayed. 

7. Type Iroot then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

8. Press [Return] at the password prompt. 

9. Set the IP address of the new PortMaster by typing: 

Coitimand> set etherO address 192 . 168 . 200.1 

In this example, 192.168.200.1 is the IP address of the PortMaster. A confirmation 
message is displayed showing the new IP address. 

10. Set the netmask and broadcast values if necessary. 
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11. Save the address in the PortMaster nonvolatile memory by typing: 


Coimnand> save all 


12. If you are using PMconsole to configure your PortMaster, instead of the 
command line interface, exit the command line interface by typing: 


Cominand> quit 


Configuring the Software for a Frame Relay Connection 

!l°«t der fnT the PMconsole graphical user interface to configure the PortMaster, you 
must install the software on a UNIX workstation or a Microsoft Windows-compatible 
computer. Once the software is installed and started according to the instructions in 
the appropriate PMconsole Administrator's Guide, proceed with the configuration You 
can also configure the PortMaster from the console using the command line interface 
or using administrative telnet once the PortMaster IP address is set. 


Setting Global Parameters 


Set the name of the system to officel using the System Name parameter and the IP 
Gateway parameter to 192.168.20.2. If you are using PMconsole, the System Name 

parameter is found in the SNMP Window. Refer to the PMconsole Administrator's Guide 
for more information. 


For this example configuration, none of the other global parameters need to be set 
However, you may want to define some of these parameters for your installation. ' 

Setting the Ethernet Interface Parameters 

Set the following Ethernet parameters on officel to values appropriate for your 
network. The values shown in Table 16-2 apply to this example only. 

Table 16-2 Ethernet Parameter Values 


Parameter 

Value 

IP Address 

192.168.200.1 

Netmask 

255.255.255.0 


Configuring the Software for a Frame Relay Connection 
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Table 16-2 Ethernet Parameter Values (Continued) 


Parameter 

Value 


Broadcast Address 

high (192.168.200.255) 


Routing 

On (Broadcast and Listen) 


Ethernet 

Enabled 



For more information on Ethernet parameters, refer to Chapter 5, “Configuring the 
Ethernet Interface." 


Setting the Synchronous Port Parameters for a Frame Relay 
Connection 

Configure the WAN port parameters with values appropriate for your network. The 
values shown in Table 16-3 apply to this example only. 

Table 16-3 WAN Port Parameter Values 


Parameter 

Value 

Port Type 

Network 

Network Type 

Hardwired 

Protocol 

Frame Relay 

Port IP address 

Specified 192.168.20.1 

Netmask 

255.255.255.0 

Speed 

(speed is set by external clock) 

Modem Control 

On or Off depending on the CSU/DSU configuration 

Routing 

On (Broadcast and Listen) 

Compression 

Disabled 

Annex-D 

10 seconds (LMI can be used instead of Annex-D) 

DLCI List 

16:192.168.20.2 (or empty if remote router supports 
inverse ARP) 1 
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If LMI or Annex-D is set, the PortMaster receives DLCI information in the full status 
update messages from the Frame Relay switch. The PortMaster then attempts to 
discover IP addresses of other routers using inverse ARP. You can set DLCI lists 

DLCnists^orThe SI ^>or " P ^ lis te bott, fte st aHc and dynamic 

If Annex-D is available from your carrier for a new connection, it is preferable to LMI. 

To connect to Cisco routers using Frame Relay, the Cisco router must be set to use 
encapsulation frame-relay ietf for the serial interface; otherwise, the frame 
map for your DLCI must have the ietf argument appended. 

For more information about synchronous ports, refer to Chapter 7, "Configuring a 
Synchronous WAN Port." s g a 


Troubleshooting the Configuration 


Most synchronous configurations come up with very little trouble if you have 
configured the PortMaster using information from your carrier. If you are having 
problems use the information in this section to debug your configuration 


If you are having trouble with a Frame Relay connection, verify the following: 

• The error counters should be 0 except for abort errors. If your counters are 
non-zero, there is a problem external to the PortMaster. 


Verify that you are using the correct cables and they are attached securely to the 
correct port. Not all WAN ports are capable of the same speeds. 

Verify that the DIP switch is set to V.35 for Livingston cables and that you are 
plugged into the correct V.35 interface on your CSU/DSU. 

Verify that the CSU/DSU is providing the clock to the PortMaster. The CSU/DSU 
can generate the clock or receive it from the carrier. 

Verify that the CSU/DSU is configured properly. 

Contact your carrier to review your configuration and the status of their line. 

Use the following two commands to view the LMI or Annex-D keepalives: 


Command> set console 
Command> set debug 0x51 


Troubleshooting the Configuration 
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Once you have verified that the proper keepalives are being received, type: 


Command> set debug 0 
Coiranand> reset console 


• If vou have a Cisco router on the other end of your connection, it must be set for 
encapsulation frame-relay ietf for the serial interface; otherwise, the 
frame map for your DLCI must have the ietf argument appended on the Cisco. 


Frame Relay Subinterface 


The PortMaster supports a feature called DLCI bundling to allow splitting one 
synchronous port, with multiple DLCIs, into two Frame Relay subinterfaces. In this 
configuration the DLCIs are divided between the subinterfaces using the Location 
Table and the DLCI Table. Only two subinterfaces per port are currently supported, 
and are referred to as the "primary subinterface" and "secondary subinterface. Eac 
subinterface must have its own subnet or assigned network. Active discovery of DLCIs 
via LMI or Annex-D only occurs on the primary subinterface. The secondary 
subinterface can have an unlimited number of DLCIs. 


The Frame Relay subinterfaces can only be set using the command line interface. For 
example, add a location with the protocol type set to frame: 


Command> set si group 1 

Command> add location example 

Command> set location example protocol frame 

Command> set location example group 1 


The rest of the Location Table entries are set as described in Chapter 9, "Configuring 
Dial-Out Locations," including IP address for the interface, routing, and filtering. 


The next step in configuring the subinterfaces is to create an entry in the DLCI Table. 
Entries can be followed with an optional IP address or hostname. The keywor 
"ipdlci" is a synonym for "dlci". The keyword "ipxdlci" is also available for IPX 
networks. To create a DLCI Table entry, type: 
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Coiranand> add dlci example 16 
Command> add dlci example 19 192.168.2.19 
Command> add ipdlci example 20 192.168.2.20 
Command> add ipxdlci example 21 OeOaOOle 


To remove an entry, use the delete command as follows: 


Command> delete dlci example 
Command> delete ipxdlci example 21 


There is no show table dlci command. Instead, entries which are added 

are linked to the Location Table. Therefore, the show location example 

displays the DLCI entries. 


or deleted 
command 


You can only have one Location Table entry per Frame Relay interface (allowing one 
secondary subinterface), so you can have some DLCIs as part of one location and other 
DLCIs as part of the port interface. Multiple secondary subinterfaces are not supported 


Troubleshooting Subinterfaces 


Packets received on a subinterface can only be identified as belonging to that 
subinterface if the DLCI is properly entered in the DLCI Table for that location If 
are having problems, verify the following: 

• Check the list of DLCIs tied to each location using the show location 
Location_Name command 


you 


Verify the DLCI list on a location using the show arp frmxx command 
• Always reset the port after changing the DLCI list 

Verify that all DLCIs are accounted for by checking the DLCI list for your primary 
interface. If you enter the wrong DLCI for the subinterface then the real DLCI for 
the submterface shows up as belonging to the primary interface, if LMI or 
Annex-D is in use. 


Frame Relay Subinterface 
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Example of a Frame Relay Subinterface 

This example is for an IRX-111 with Frame Relay coming into port SI with DLCIs 16, 
17, and 18. Port SI has already been configured for Frame Relay, so that portion is no 
shown here. The following commands split the Frame Relay into a primary 
subinterface for DLCI18, and a secondary subinterface for DLCIs 16 and 17. 


Command> set si group 1 

Command> add location subl 
Command> set location subl 
Command> set location subl 
Command> set location subl 
Command> set location subl 
Command> set location subl 

Command> add dlci subl 16 
Command> add dlci subl 17 

Coimnand> same all 
Command> reset si 


You now have the following two subinterfaces: 

• DLCI 18 on si 

• DLCI 16 and 17 on si (subl) 


protocol frame 
group 1 

address 192.168.3.1 
netmask 255.255.255.0 
routing on 



Note - You could not define another subinterface on port SI using other DLCIs, but 
vou could add other DLCIs to either of these two existing subinterfaces. A future 
release will remove this restriction and allow you to divide each Frame Relay interface 
into as many virtual subinterfaces as you like. 
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Connections \ 7 


This copter describes how to use the PortMaster to connect two Local Area Networks 

(LANs) via synchronous V.25bis dialing applications such as, ISDN, terminal adapters 
or switched 56K. r ' 

The following topics are described: 

• Overview of the ISDN and switched 56K configuration 

• Description of hardware configuration 

Description of the software configuration for ISDN with a V.25bis terminal adapter 
or switched 56K F 

• Testing the configuration 


Overview of the ISDN and Switched 56K Configurations 

PortMasters support dial on-demand ISDN and switched 56K connections using 
synchronous ports and the PPP protocol. ISDN speeds of up to 64Kbps are possible 
with an outside carrier and an external terminal adapter (TA). Speeds of up to 128Kbps 
are possible if the TA supports B-channel BONDING. Contact your service provider for 
specific information about the required terminal adapter. 

Switched 56K connections require an external CSU/DSU. ISDN and switched 56K 
connections can be initiated on an as-needed basis or they can remain active all the 
time. A dial-out location must be specified in the Location Table for dial-out 
connections and a dial-in user must be specified in the User Table for dial-in 
connections. 

PAP is available for dial-in authentication, when a router dials into your PortMaster. 
CHAP is available for dial-in and dial-out authentication. 

When connecting an asynchronous ISDN terminal adapter to an asynchronous port 
using AT commands to dial, configure the PortMaster just as you would for a modem. 
Refer to Chapter 11, "Connecting a Branch Office to the Main Office" and Chapter 12 
Connecting Your Office to the Internet" for more information. In this configuration 
keep in mind that a 115.2Kbps asynchronous DTE rate can only support a single ' 
64Kbps B-channel, because it takes 10 bits to send a byte of asynchronous data 
(including the start and stop bits). However, it takes only 8 bits to send a byte of 

Overview of the ISDN and Switched 56K Configurations 
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synchronous data. Therefore, a 115.2Kbps DTE rate cannot properly support two 
64Kbps B-channels because the TA is unable to buffer the excess data when data is 
coming in from the ISDN line at 16 kilobytes/second and the DTE can only accept 11.5 
kilobytes/second. 

Figure 17-1 shows an example of an ISDN or switched 56K connection. 




Figure 17-1 Example of an ISDN or Switched 56K Connection 
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Description of Sample Configuration 


his exa mpl e connects a PortMaster located in one office with a PortMaster located in 
another office using a synchronous interface that is initiated on-demand using an ISDN 
or switched 56K connection. The variables shown in Table 17-1 are used in this 
example. Change variable values to reflect the actual values for your network 


Table 17-1 Example Configuration Variables for V.25bis Connections 


Variable Description 

Value for this Example 

Name of router in officel 

officel 

IP address of router in officel 

192.168.200.1 

Netmask 

255.255.255.0 

Gateway 

192.168.1.1 

IPX network of router in officel 

000000F1 

IPX Frame Type 

IEEE 802.2 on Ethernet 

Phone number of router in officel 

17005551111 

Name of router in office2 

office2 

IP address of router in office2 

192.168.1.1 

Netmask 

255.255.255.0 

IPX network of router in office2 

000000F2 

IPX Frame Type 

IEEE 802.2 on Ethernet 

Phone number of router in office2 

17005552222 

IPX network of the serial link 

000000F3 


Configuring the Hardware 


To install the hardware for this configuration, follow these steps and the instructions in 
the Hardware Installation Guide for your PortMaster. If you need additional help, refer to 
the Troubleshooting" chapter of your Hardware Installation Guide. 

1. Unpack the PortMaster router. 

2. Connect your local Ethernet network to the Ethernet port and set the network 
selection DIP switch appropriately. 


Description of Sample Configuration 
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3. Connect the power cable. 

4. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

Refer to the Hardware Installation Guide for your PortMaster for more information 
about connecting and configuring a terminal. 

5. Turn on the power switch. 

The PortMaster performs power on self diagnostics. The self diagnostics are 
displayed to the console if the console DIP switch is UP. 

6. Press [Return] on the console. 

The PortMaster login prompt is displayed. 

7. Type Iroot then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

8. Press [Return] at the password prompt. 

9. Set the IP address of the new PortMaster by typing: 

Command> set etherO address 192.168.200.1 


In this example, 192.168.200.1 is the IP address of the PortMaster. A confirmation 
message is displayed showing the new IP address. 

10. Set the netmask and broadcast values if necessary. 

11. Save the address in the PortMaster nonvolatile memory by typing: 


Command> save all 


12 If you are using PMconsole to configure your PortMaster, instead of the 
command line interface, exit the command line interface by typing: 


Convmand> quit 
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Synchronous V25bis Dial-Up Connections 


Configuring the Software for an ISDN or Switched 56K Connection 


n order to use the PMconsole graphical user interface to configure the PortMaster, you 
must install the software on a UNIX workstation or a PC running Microsoft Windows. 

nee the software is installed and started according to the instructions in the 
appropriate PMconsole Administrator's Guide, proceed with the configuration. You can 
also configure the PortMaster from the console using the command line interface or 
using administrative telnet once the PortMaster IP address is set. 

The configuration using V.25bis dialing for both ends of the connection is given in this 
section. 


Configuring ISDN or Switched 56K on officel 

The PortMaster in Office 1 (officel) is being configured for a V.25bis dial-up 
synchronous connection to the PortMaster in Office 2 (office2). 

Setting the Global Parameters on officel 

Set the following global parameters to the values shown in Table 17-2. These values 
only apply to this example. Use values appropriate for your network. If you are using 
PMconsole, the System Name parameter is found in the SNMP Window. Refer to the 
PMconsole Administrator s Guide for more information. 

Table 17-2 Global Parameter Values on officel 

Parameter Value 

IP Gateway 192.168.1.1 

Default Route Broadcast 

Sysname officel 

For more information about global parameters, refer to Chapter 4, "Configuring a 
PortMaster." ° ° 


Configuring the Software for an ISDN or Switched 56K Connection 
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Synchronous V.25bis Dial-Up Connections 


Setting the Ethernet Interface Parameters on officel 

Set the following Ethernet parameters to the values shown in Table 17-3. 
Table 17-3 Ethernet Parameter Values on officel 


Parameter 

Value 

Protocol 

IP/IPX 

IP Address 

192.168.200.1 

Netmask 

255.255.255.0 

IPX Network 

000000F1 

IPX Frame Type 

802.2 

Broadcast Address 

high (192.168.200.255) 

Routing 

On (Broadcast and Listen) 

Ethernet 

Enabled 


For more information on Ethernet parameters, refer to Chapter 5, "Configuring the 
Ethernet Interface." 


Setting the Synchronous Port Parameters on officel 

Configure the synchronous WAN port parameters with the values shown in Table 17-4 
for the example in this chapter. Your configuration should reflect your network. 


Table 17-4 WAN Port Parameter Values on officel 


Parameter 

Value 

Port Type 

Network 

Network Type 

Twoway (Dial In&Out) 

Line Speed 

The speed is a comment only, the actual speed is set by 
the external clock 

Modem Control 

On 

Dial Group 

0 (same as for Location Table entry) 
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Synchronous V25bis Dial-Up Connections 


All the other parameters should be left at their default values. For more information 
about synchronous ports, refer to Chapter 7, "Configuring a Synchronous WAN Port." 


Defining the Dial-In User on officel 


A user account must be set up on the router officel so the PortMaster office2 can dial 
m when traffic is queued. The new user office2 should be configured on officel with 
the parameter values shown in Table 17-5. 


Table 17-5 User Table Parameter Values for User office2 


Parameter 

Value 

User Name 

office2 (must be the SNMP system name of the remote 
PortMaster) 

Password 

anypasswd 

(The password must match the password for user 
officel on PortMaster office2) 

Type 

Network User/Normal 

Protocol 

PPP 

User IP Address 

Specified 192.168.1.1 

Netmask 

255.255.255.0 

IPX Network 

000000F3 

Routing 

On (Broadcast and Listen) 

MTU 

1500 


No compression is used on synchronous lines. For more information about configuring 
User Table parameters, refer to Chapter 8, "Configuring Dial-In Users." 
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Defining a Dial-Out Location on officel 


A location entry on the PortMaster officel must be created for the location identified as 
office 2. This allows the router officel to call the PortMaster office2 when network 
traffic is queued. The new location office2 should be configured on officel with the 
parameter values shown in Table 17-6. 


Table 17-6 Location Table Parameter Values for Location office2 


Parameter 

Value _ 

Location Name 

Type 

office2 

Manual (The location is set for manual dialing until 
after the configuration has been tested. Once the 
configuration is verified the Type is changed to 
On-Demand.) 

Protocol 

PPP 

IP Destination 

Specified 192.168.1.1 

Netmask 

255.255.255.0 

IPX Network 

000000F3 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Idle Timeout 

5 minutes 

Maximum Ports 

1 (If you are not using multi-line load-balancing.) 

High Water Mark 

0 (If you are not using multi-line load-balancing.) 

Dial Group 

0 (same as for WAN port) 

Dial Script 

V25bis 

Send and Expect Pairs 

Send: CRN17005552222 (V.25bis dialing does not require 
the carriage return) 

Expect: =DCD= 


For more information about configuring Location Table parameters, refer to Chapter 9, 
"Configuring Dial-Out Locations. 

After the port, user, and location parameters are entered, the port should be reset to 
make the new configuration active. 
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Synchronous V25bis Dial-Up Connections 


Configuring a V.25bis Dial-Up Connection on office2 

The PortMaster in Office 2 (office2) is being configured for a V.25bis dial-up 
synchronous connection to the PortMaster in Office 1 (officel). 


Setting the Global Parameters on office2 


Set the following global parameters to the values shown in Table 17-7. These values 
only apply to this example; use values appropriate for your network. If you are using 
PMconsoie the System Name parameter is found in the SNMP Window. Refer to the 
I Mconsole Administrator s Guide for more information. 


Table 17-7 Global Parameter Values on office2 

Parameter Value 

IP Gateway Set to the address of the next upstream router 

Default Route Off 

Sysname office2 


Setting the Ethernet Interface Parameters on office2 

Set the following Ethernet parameters to the values shown in Table 17-8. 
Table 17-8 Ethernet Parameter Values on office2 


Parameter 

Value 

Protocol 

IP/IPX 

IP Address 

192.168.1.1 

Netmask 

255.255.255.0 

IPX Network 

000000F2 

IPX Frame Type 

802.2 

Broadcast Address 

high (192.168.200.255) 

Routing 

On (Broadcast and Listen) 

Ethernet 

Enabled 
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Synchronous V.25bis Dial-Up Connections 


Setting the Synchronous Port Parameters on office2 

Configure the synchronous port parameters with the values shown in Table 17-9 for the 
example in this chapter. Your configuration should reflect your network. 


Table 17-9 WAN Port Parameter Values for office2 


Parameter 

Value 

Port Type 

Network 

Network Type 

Twoway (Dial In&Out) 

Transport Protocol 

PPP 

Port IP address 

Un-numbered 

Netmask 

255.255.255.0 

Line Speed 

The speed is a comment only, the actual speed is set by 
the external clock 

Modem Control 

On 

Group 

0 


Defining the Dial-In User on office2 


A user account must be set up on the router office2 so the PortMaster officel can dial 
in when traffic is queued. The new user officel should be configured on office2 with 
the parameter values shown in Table 17-10. 


Table 17-10 User Table Parameter Values for User officel 


Parameter 

Value 

User Name 

officel (must be the SNMP system name of the remote 
system) 

Password 

anypasswd 

(The password must match the password for user 
office2 on PortMaster officel) 

Type 

Network User/Normal 

Protocol 

PPP 

User IP Address 

Specified 192.168.200.1 
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Synchronous V.25bis Dial-Up Connections 


Table 17-10 User Table Parameter Values for User officel (Continued) 


Parameter 

Value 

Netmask 

255.255.255.0 

IPX Network 

000000F3 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Compression 

Off 


No compression is used on synchronous lines. For more information about 
User Table parameters, refer to Chapter 8, "Configuring Dial-In Users." 


configuring 


Defining a Dial-Out Location on ojfice2 


a. Off 1 tT 7 n n the u PortMaster ' office2 ' ™*t be created for the location identified 
as officel. This allows the router, office^ to call the PortMaster, officel, when network 

traffic is queued. The new location officel should be configured on office2 with the 
parameter values shown in Table 17-11. 


Table 17-11 Location Table Parameter Values for Location officel 


Parameter 

Value 

Location Name 

officel 

Type 

Manual (The location is set for manual dialing until 
after the configuration has been tested. Once the 
configuration is verified the Type is changed to 
On-Demand.) 

Protocol 

PPP 

IP Destination 

Specified 192.168.200.1 

Netmask 

255.255.255.0 

IPX Network 

000000F3 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Idle Timeout 

5 minutes 
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Synchronous V.25bis Dial-Up Connections 


Table 17-11 Location Table Parameter Values for Location officel (Continued) 


Parameter 

Value 

Maximum Ports 

1 (If you are not using multi-line load-balancing.) 

High Water Mark 

0 (If you are not using multi-line load-balancing.) 

Dial Group 

0 

Dial Script 

V25bis 

Send and Expect Pairs 

Send: CRN17005551111 

Expect: =DCD= 


Use the dialer to connect between the two offices. Once everything is working 
properly, reset the ports and change the Location Type parameter from Manual to 
On-Demand on both routers. 


Troubleshooting the Configuration 


Most synchronous configurations come up with very little trouble if you have 
configured the PortMaster using information from your carrier. If you have problems 
use the information in this section to debug your configuration. 


Troubleshooting V.25bis Dial-Up Connections 

If you are having trouble with a V.25bis dial-up connection, verify the following: 

• The error counters should be 0 except for a small number of abort errors resulting 
from plugging cables in or out. If your error counters are non-zero, there is a 
problem external to the PortMaster. 

• Verify that you are using the correct cables and they are attached securely to the 
correct port. Not all WAN ports are capable of the same speeds. 

• Verify that the DIP switch is set to V.35 for Livingston cables and that you are 
plugged into the correct V.35 interface on your CSU/DSU. 

• Verify that the CSU/DSU or synchronous terminal adapter is providing the clock 
to the PortMaster. The CSU/DSU or TA can generate the clock or receive it from 
the carrier, it does not matter to the PortMaster. 

• Verify that the CSU/DSU or synchronous terminal adapter is configured properly. 

• Contact your carrier to review your configuration and the status of their line. 
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Synchronous V.25bis Dial-Up Connections 


Use the following commands to view the PPP negotiation: 


officel> set console 
officel> set debug 0x55 
officel> dial office2 


For more information about the interpreting the results of the debug command 

Aa Te^PP LCP t a "t d ‘ PCP Deb “ 8 ° U,PUt " ° n Page W ' 4 ° n “ S'™ 
verified that the PPP negotiation is correct, type: 


Command> set debug 0 
Command> reset console 


Troubleshooting the Configuration 
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ISDN Connections 



SCvClSDNt'4^2^ 

The following topics are described: 

Overview of the ISDN configuration 
ISDN BRI configuration commands 
Description of hardware configuration 

Description of the software configuration for ISDN with integrated NT1 
Testing the configuration 


Overview of the ISDN Configuration 


multi-link ITpTdSd^^CmTo^sfalT' 1 '° ‘7™* b “ dwid,h - either “ si "S 

“ r d confl r ,han ^'zr :%%£££?** 

ecause the NT1 is integrated in the port, so no modem, CSU/DSU or external 
termmal adapter is required. ' external 

zezzzszszzs tr 

CHAP is available for dial-in or dial-out authentication PAP is available fnr n- 1 • 

rrr * xsz&sz , 

“ orma,ion about your isdn swi,ch 


Overview of the ISDN Configuration 
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ISDNBRI Port Configuration Commands 


Two special parameters need to be configured 

service: the ISDN Switch type and a Service Profile Identifier (SPID) for each port. 
Optionally a directory number for each port can be specified. 
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ISDN Connections 


To display ISDN debug information on the console, use the following commands: 


Command> set console 
Command> set debug isdn on 


To turn off debugging, use the following commands: 


Coinmand> set debug isdn off 
Coiranand> reset console 


ISDN Switch Type 


The ISDN Switch Type is a global configuration parameter that can be spt tn n f 
three yalues: DMS-100, NI-1 (National ISDN-1), or 5ESS, also known as ATT-5ESS 
Obtam the switch type from your telephone company. Use one of the folYowinf 
commands to set the switch type. The default is NI-1. 8 


Command> set isdn-switch ni-1 
Command> set isdn-switch dins-100 
Command> set isdn-switch 5ess 


SPID 


r rofil ! Wentiliei (SPID) is a number “P 20 digits long set for each Dort 

TOuti'fhfte SPln'r" ' 0 h'r e te ! r eph ° ne com P a "y- The telephone company provides 
you with the SPIDs for each line. To set the SPID, use the following command: 


Command> set slO spid 1510555121200 


The set debug isdn on command shows any invalid SPIDs. 

Terminal Identifier (TID) 

The Terminal Identifier (TID) is a numeric value used by some telephone companies 
or a ihona identification. Some telephone companies require the SPID while others 

“ en confisuring the po ~ the 


ISDN BRI Port Configuration Commands 
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ISDN Connections 


Directory Number 


the call Ihould be taken on. The Directory Number must be set m order to allow . 
multilink calls from the PowerLinkl28 ISDN Card. 

Use either of the following commands to set the Directory Number. 


Coitvmand> set slO dn 510555111 
Command> set slO directory 510555111 


ISDN Port Configuration Tips 


ISDN ports are simpler to configure than asynchronous ports. Note the following 

• Modem control (carrier detect), flow control, and speed are not set on an ^ N 
port The PortMaster senses the speed and sets the port to 64000 bps or 56000 bps 
Lcordingly Flow control is not set on a synchronous line since clock is provided 
by the telephone company and carrier detect is always used. 

Refer to your Hardware Installation Guide for information on ISDN LED activity. 

• The ISDN ports support synchronous PPP and asynchronous V.120 PPP or SLIP. 
The show port command displays 64000/async if the port is in use for an 
asynchronous V.120 connection. 

• ISDN ports can be configured for all of the same functions as an asynchronous 

port, except that network hardwired is not supported. 

• When using the ISDN port for network dial-out, the ^Sbis 

V.25bis script and authenticate using CHAP, or using wi 

Send string. 
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ISDN Connections 


Description of Sample Configuration 


This example connects a PortMaster located in one office with a PortMaster located in 
another office ustng an on-demand ISDN connection. The variables shown iT 

you "ne^ort m e><amP Va ™ ble Va ' UeS '° ac,ual values ,hat effect 


™ e Example Configuration Variables for an ISDN Connection 


Variable Description 

Value for this Example 

Name of router in officel 

officel 

IP address of router in officel 

192.168.200.1 

Netmask 

255.255.255.0 

Gateway 

192.168.1.1 

IPX network of router in officel 

000000F1 

IPX Frame Type 

IEEE 802.2 on Ethernet 

ISDN Switch Type for officel 

NI-1 

ISDN Phone numbers of 2 B channels in 
officel 

17005551111, 17005551112 

SPID for 2 B channels in officel 

700555111100, 700555111201 

Name of router in office2 

office2 

IP address of router in office2 

192.168.1.1 

Netmask 

255.255.255.0 

IPX network of router in office2 

000000F2 

IPX Frame Type 

IEEE 802.2 on Ethernet 

ISDN Switch Type for office2 

NI-1 

ISDN Phone numbers of 2 B channels in 
office2 

17005552222, 17005552223 

SPID for 2 B channels in office2 

700555222200, 700555222301 

| IPX network of the serial link 

000000F3 


Description of Sample Configuration 
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ISDN Connections 


Configuring the Hardware 


To install the hardware for this configuration, follow these steps and“ 
the Hardware Installation Guide for your PortMaster. If you need additional help, 
the "Troubleshooting" chapter of your Hardware Installation Guide. 


1. Unpack the PortMaster router. 

2. Connect your local Ethernet network to the Ethernet port and set the network 
selection DIP switch appropriately. 

3. Connect the power cable. 

4. Connect a terminal or PC (9600, 8, N, 1) to the console port marked SO with a null 
modem cable. 

Refer to the Hardware Installation Guide for your PortMaster for more information 
about connecting and configuring a terminal. 

5. Connect the BRI port to the ISDN telephone line. 



Caution - Do not plug an analog telephone line into the PortMaster BRI RJ-45 
connector. The analog line does not work and the PortMaster could be damaged. 


6. Turn on the power switch. 

The PortMaster performs power on self diagnostics. The self diagnostics are 
displayed to the console if the console DIP switch is UP. 

7. Press [Return] on the console. 

The PortMaster login prompt is displayed. 

8. Type Iroot then press [Return]. 

You are prompted for the administrative password. The PortMaster is shipped 
from the factory without a password. 

9. Press [Return] at the password prompt. 

10. Set the IP address of the new PortMaster by typing: 

Command> set etherO address 192 . 168 . 200.1 
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ISDN Connections 


In this example, 192.168.200.1 is the IP address of the PortMaster. 
message is displayed showing the new IP address. 


A confirmation 


11 . 


12 . 


Set the netmask and broadcast values if necessary. 


If your version of PMconsole does 
SPID, and directory number, then 
as follows: 


not support setting the ISDN switch type, 
set these parameters from the command line 


Conunand> set isdn-switch ni -1 
Command> set si spid 700555111100 
Command> set s2 spid 700555111201 
Command> set si dn 7005551111 
Coirunand> set s2 dn 7005551112 


13. Save the configuration in the nonvolatile memory of the PortMaster by typing: 


Cominand> save all 


14. If you are using PMconsole to configure your PortMaster instead of thp 
command hue interface, exit the command line interface'by t^g" 


Coimnand> quit 


Configuring the Software for an ISDN Connection 


l ZZ dGI !°nT the PMconsole graphical user interface to configure the PortMaster you 

PC 0 ri th ;r ware ° n a r iX workstation or a Microsoft Windows-compatible 
C. Once the software is installed and started according to the instructions in the 

appropriate PMconsole Administrator's Guide, proceed with the configuration You can 
also configure the PortMaster from the console using the command line interlce or 
using administrative telnet once the PortMaster IP address is set. 


Configuring ISDN on officel 


The PortMaster in officel is 
PortMaster in office2. 


being configured for an ISDN dial-up connection to the 


Configuring the Software for an ISDN Connection 
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ISDN Connections 


Setting the Global Parameters on officel 

Set the following global parameters to the values shown in Table 18-2. These values 
only apply to this example. Use values appropriate for your network. 

Table 18-2 Global Parameter Values on officel 


Parameter 

Value 

IP Address 

192.168.200.1 

IP Gateway 

192.168.1.1 

Default Route 

Broadcast 

Sysname 

officel 

ISDN Switch 

NI-1 (or as identified by the carrier) 


For more information about global parameters, refer to Chapter 4, "Configuring a 
PortMaster." 


Setting the Ethernet Port Parameters on officel 

Set the following Ethernet parameters to the values shown in Table 18-3 


Table 18-3 Ethernet Parameter Values on officel 


Parameter 

Value 

Protocol 

IP/IPX 

IP Address 

192.168.200.1 

Netmask 

255.255.255.0 

IPX Network 

000000F1 

IPX Frame Type 

802.2 

Broadcast Address 

high (192.168.200.255) 

Routing 

On (Broadcast and Listen) 

Ethernet 

Enabled 


For more information on Ethernet parameters, refer to Chapter 5, "Configuring the 
Ethernet Interface." 
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ISDN Connections 


Setting the ISDN Port Parameters on officel 

Configure the ISDN port parameters with the values shown in Table 18-4 for the 
example in this chapter. Your configuration should reflect your network. This example 
assumes the BRI used is port S1-S2 on a PortMaster Office Router-ISDN (OR-U) If your 
application uses ports S10 through S29 on a PM-2E, adjust these values accordingly. 

Table 18-4 ISDN Port Parameter Values on officel 


Parameter 

Value 

Port Type 

Network 

Network Type 

Twoway (Dial In&Out) 

Dial Group 

2 

SPID 

Sl:700555111100 


S2:700555111201 


fhnm e 0tl T Parameters shouId be left at ^ir default values. For more information 
about synchronous ports, refer to Chapter 7, "Configuring a Synchronous WAN Port." 


Defining the Dial-In User on officel 


A user account must be set up on the router officel so that PortMaster office2 can dial 
in when traffic is queued. The new user office2 should be configured with the 
parameter values shown in Table 18-5. 


Table 18-5 User Table Parameter Values for User office2 


Parameter 

Value 

User Name 

office2 (must be the system name of the remote system) 

Password 

anypasswd 

(The password must match the password for user 
officel set on the remote PortMaster.) 

Type 

Network User/Normal 

Protocol 

PPP 

User IP Address 

Specified 192.168.1.1 

Netmask 

255.255.255.0 


Configuring the Software for an ISDN Connection 
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Table 18-5 User Table Parameter Values for User office2 (Continued) 


Parameter 

Value 


IPX Network 

000000F3 


Routing 

On (Broadcast and Listen) 


MTU 

1500 


Compression 

On 



For more information about configuring User Table parameters, refer to Chapter 8, 
"Configuring Dial-In Users." 


Defining a Dial-Out Location on officel 


A location entry on the PortMaster officel must be created for the location identifie 
office2. This allows the router officel to call the PortMaster office2 when network 
traffic is queued. The new location office2 should be configured with the parameter 
values shown in Table 18-6. 


Table 18-6 Location Table Parameter Values for Location office2 


Parameter 

Value 

Location Name 

Type 

office2 

Manual (The location is set for manual dialing until 
after the configuration has been tested. Once the 
configuration is verified the Type is changed to 
On-Demand.) 

Protocol 

PPP 

IP Destination 

Specified 192.168.1.1 

Netmask 

255.255.255.0 

IPX Network 

000000F3 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Compression 

On 

Idle Timeout 

2 minutes J 
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Table 18-6 Location Table Parameter Values for Location office2 (Continued) 

Parameter 

Value - 

Maximum Ports 

High Water Mark 

Dial Group 

1 (If you are not using multi-line load-balancing.) 

0 (If you are not using multi-line load-balancing.) 

2 

Dial Script 

V25bis 

Send and Expect Pairs 

Send: CRN17005552222 1 

Expect: =DCD= 

1. V.25bis dialing does not require a carriage return at the end of the string. 


For more information about configuring Location Table parameters refer to Chanter 9 

Ucadons " Af *“ Po«, user, L locaS, parameter fa re ' 

entered and saved, the port should be reset to make the new configuration aSve 


Configuring an ISDN Dial-Up Connection on office2 


The PortMaster office2 is being configured for 
PortMaster officel. 


an ISDN dial-up connection to the 


Setting the Global Parameters on officel 


Set the following global parameters to the values shown in Table 18-7 These values 

S&2& Tz:rz‘ e ' USe ValU “ appr ° priate for Ifl you are u2ig 

PA/f ° le ' t he System Name parameter is found in the SNMP Window Refer to the § 
PMconsole Administrator's Guide for more information. 


Table 18-7 Global Parameter Values on office2 


Parameter 

Value - 

IP Gateway 

Set to the address of the next upstream router 

Default Route 

Off 

Sysname 

office2 

ISDN Switch Type 

NI-1 


Configuring the Software for an ISDN Connection 
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Setting the Ethernet Port Parameters on office2 

Set the following Ethernet parameters to the values shown in Table 18-8. 


Table 18-8 Ethernet Parameter Values on office2 


Parameter 

Value 

_ 

Protocol 

IP/IPX 


IP Address 

192.168.1.1 


Netmask 

255.255.255.0 


IPX Network 

000000 F2 


IPX Frame Type 

802.2 


Broadcast Address 

high (192.168.1.255) 


Routing 

On (Broadcast and Listen) 


Ethernet 

Enabled 

_ 


Setting the ISDN Port Parameters on office.2 

Configure the ISDN port parameters with the values shown in Table 18-9 for the 
example in this chapter. Your configuration should reflect your networ . 


Table 18-9 WAN Port Parameter Values on office2 


Parameter 

Value - 

Port Type 

Network 

Network Type 

Twoway (Dial In&Out) 

Dial Group 

2 

SPID 

SI :700555222200 

S2:700555222301 
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Defining the Dial-In User on oJfice2 


A user account must be set up on the router office2 so the PortMaster office 1 can dial 
when traffic is queued. The new user officel should be configured with the 
parameter values shown in Table 18-10. 


Table 18-10 User Table Parameter Values for User officel 


Parameter 

Value 

User Name 

officel (must be the system name of the remote system) 

Password 

anypasswd 

(The password must match the password used for user 
ofnce2 set on the PortMaster officel.) 

Type 

Network User/Normal 

Protocol 

PPP 

User IP Address 

Specified 192.168.200.1 

Netmask 

255.255.255.0 

IPX Network 

000000F3 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Compression 

On 


For more information about configuring User Table 
"Configuring Dial-In Users." 


parameters, refer to Chapter 8, 


Configuring the Software for an ISDN Connection 
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Defining a Dial-Out Location on office .2 


A location entry on the PortMaster office2 must be created for the location identified as 
« f TH, allows the router office2 to call the PortMaster officel when network 
traffic is queued. The new location officel should be configured with the parameter 

values shown in Table 18-11. 


Table 18-11 Location Table Parameter Values for Location officel 


Parameter 

Value 

Location Name 

officel 

Manual (The location is set for manual dialing until 

Type 

after the configuration has been tested. Once the 
configuration is verified the Type is changed to 
On-Demand.) 

Protocol 

PPP 

IP Destination 

Specified 192.168.200.1 

Netmask 

255.255.255.0 

IPX Network 

000000F3 

Routing 

On (Broadcast and Listen) 

MTU 

1500 

Compression 

On 

Idle Timeout 

2 minutes 

Maximum Ports 

1 (If you are not using multi-line load-balancing.) 

High Water Mark 

0 (If you are not using multi-line load-balancing.) 

Dial Group 

2 

Dial Script 

V25bis 

Send and Expect Pairs 

Send: CRN17005551111 1 

Expect: =DCD= 


1. V.25bis dialing does not require a carriage return at the end of the string. 
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ISDN Connections 


Use the dialer to connect between the two offices. Once everything is world™ 
roofers and reS 'the parts' 0 " ^ Parame,er t0 °n-»™nd on both 


Troubleshooting the Configuration 


plrfM S ? N C ° nflgUr i ati0nS Come U P with little trouble if you have configured the 
If you are having trouble with an ISDN connection, verify the following- 

c V or^t port y ° U ^ US ‘ ng the C ° rreCt CaWeS and arc a «^hed securely to the 

Co2„™L!! , GS„ Sta,US X “ ° n SOM; C,herwise - rcfer *» *e Hardware 
swS ° re mforma,i “"' TWs indicates connectivity to the ISDN 

Verify your configuration as described in this chapter. 

Contact your carrier to review the ISDN switch type, SPIDs, and the status of their 
Use the following commands to view the PPP negotiation: 


Command> set console 
Command> set debug 0x51 


verified that the PPP negotiation is correct type 7 ° U 6 


Command> set debug 0 
Command> reset console 


Troubleshooting the Configuration 
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ISDN Connections 


ISDN Port Status 

Table 18-12 describes how to interpret the output of the ISDN BRI ports. 


Table 18-12 ISDN BRI Port Status 


Port Status 

Modem Status 


Description 

NO-SERVICE 

DCD- 

CTS- TELCO- 

NTl- 

No SPID set 

NO-SERVICE 

DCD- 

CTS- TELCO- 

NT1 + 

No cable or no circuit to TelCo 

NO-SERVICE 

DCD- 

CTS+ TELCO+ 

NT1 + 

Cable and ISDN circuit OK but 

SPID not registered 

IDLE 

DCD- 

CTS+ TELCO+ 

NT1 + 

SPID registered and ready to use 

ESTABLISHED 

DCD- 

CTS+ TELCO+ 

NT1 + 

Connecting or providing device 
service but no carrier sensed 

ESTABLISHED 

DCD+ 

CTS+ TELCO+ 

NT1 + 

Connected 

ESTABLISHED 

DCD+ 

CTS- TELCO+ 

NT1 + 

Connected with V.120 async but 
flow controlled by other end 


ISDN Status LEDs 

On each ISDN board there is a green LED next to each of the five RH5 “”>^rs. 
contact Livingston Technical Support. 

Thp T FD eoes off if no SPID is set on the port and there is no circuit to the telephone 
g Tf no SPID is set on the port but there is a circuit to the telephone company, 
SS&LE o„ 2 per" inhere is a valid SPID and a circuiL the LED blinks 
r^ce per second while synchronizing with the telephone company, then becomes solid. 



Note - On the PortMaster Office Router ISDN (OR-U) this LED is on the front panel, 
labeled NT1. 
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Troubleshooting the PortMaster 

Configuration 



'« ^ - PortMaster 

How to recognize a network problem 
How to debug a network problem 
PPP negotiation quick reference information 
Booting from the network 

Recognizing Network Problems 

this section froubieshj^ m,e " ded U * ,he " 

Most of the commands described in this section can only be accessed usirnr the 

comma nd llne i„ terface , which „ U8eful for debugging ^ ^ 

condidon mand ‘ me C “ b<! aC " SSed ' r ° m 3 C ° nSOle termlMl regardless of „ e ,„„ rk 
’ and onTe a ne^orr V ‘ deS ^ m ° S ' “““ feedback ab °“' <•« •?*«" 


Verifying Your Network Connections 


devices' orfyour ""^1^*° ^ y ° m POTtM «“ a " d 

spSd e devke y ° Ur netW ° rk betW6en the maChine iSSUing the Pin § re quest and the 7 

If you do not receive a Ping response, check the following: 

• Verify that the host you pinged is running and connected to the Ethernet, 
en y that all of the cables are connected to the PortMaster properly. 


Recognizing Network Problems 
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If the machine you pinged is on another subnet, verify that you are using the 
correct netmask. 


Verifying Your Configuration 


If you have verified that everything is connected properly, you should check the 
information. The if conf ig flags are described in Table 19 . 


Table 19-1 ifconfig Flags 


Flag 

Description _- 

IP_UP 

Indicates that the interface is up and running the IP 
protocol. 

IPDOWN 

IPX_UP 

Indicates that the IP protocol is not in use. 

Indicates that the interface is up and running the IPX 
protocol. 

IPX_DOWN 

BROADCAST 

POINT_TO_POINT 

Indicates that the IPX protocol is not in use. 

Indicates that this is an Ethernet interface. 

Indicates that the network connection on this interface 
is a point-to-point connection. 

LISTEN 

RIPSEND 

Indicates that the interface is set to listen for RIP 
packets but not broadcast them. 

Indicates that RIP packets are being sent out from the 
interface but are not listened for. 

PRIVATE 

Indicates that no routing information is being sent or 
listened to on this interface. 

SUSPENDED 

Indicates that this interface is set for on-demand dial- 
out operation and is available, but does not have an 
active telephone connection to the remote site. 

COMPRESS 

Van Jacobsen TCP/IP header compression is being done 
on this interface. 
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Troubleshooting the PortMaster Configuration 


TTig second and third lines of flip -i ,-f ■ 

described in Table 19-2. 15 response contain the information 

Table 19-2 Additional i f conf ig Information 

I Information 


inet 

dest 

netmask 

broadcast 

mtu 

ipxnet 

ipxframe 


Description 

Indicates the IP address of the interface. 

Indicates the destination IP address of a point-to-point 
connection. y 

Indicates the netmask for the IP address shown in inet 
or dest. 

Indicates the broadcast address of the interface (only on 
Ethernet mterfaces.) y 

Indicates the maximum transmission unit for the 
interface. 

Indicates the IPX network number of the interface. 

Indicates the IPX frame type for the interface (only on 
Ethernet mterfaces.) y 


Debugging Network Problems 


The following subsections describe some of the thines that vn„ h„ . 

“iSH- 

Determining the Software Version 

A to UvigSiwcal Su^oT 1 ^ °' y °" ^ P-blems 


Debugging Network Problems 
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Troubleshooting the PortMaster Configuration 


Resetting Ports 


PortMaster ports should be reset after 

new settings active. Resetting a system or specific 

norts usmTthe^eTet commanTor by clicking the Reset button in PMconsole. 


Disabling a Synchronous Port 

A synchronous network hardwired port can be disabled by setting 
0.0.0.0 and the destination IP address to O.O.O.O. 


its IP address to 


Tracing Routes with IP 


Vou can use the tracers command 

foflCMP me^gesretonh^. A host name or ff addK*of 

entered with the traceroute command, and a Ust of muter addresses in 

seen is printed. 


To stop the traceroute command, enter the traceroute command with 


i address. 


Interpreting LCP and IPCP Debug Output 

The PPP negotiation process can be debugged and interpreted using the co 
and information given in this section. 

To debug PPP negotiations, type the following commands: 


Command> set console 


Command> set debug 0x51 


To stop the debug output, type the following: 

Command> set debug 0 


Coinmand> reset console 



Configuration Guide for PortMaster Products—December 1995 


19-4 
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PPP Quick Reference 

The information that follows describes the PPP protocol. 


Frame format 



by an escape (7D) and the original byte with bit 6 inverted (XOR'ed^ whh 0x20) 

Table 19-3 shows protocol values. The Network Protocol (NCP) is used to establish 
connection for the associated data transfer protocol. ^ 3 

Table 19-3 Protocol Values 


Protocol 


Internet Protocol (IP) 

OSI Network Layer 
DECnet Phase IV 
Appletalk 
Novell IPX 

VJ Compressed TCP/IP 
VJ Uncompressed TCP/IP 
Banyan Vines 

Link Control Protocol (LCP) 

Password Authentication Protocol (PAP) 

Link Quality Report (LQM) 

Challenge Handshake Authentication Protocol (CHAP) 


Value 


NCP Value 


0021 

0023 

0027 

0029 

002B 

002D 

002F 

0035 


8021 

8023 

8027 

8029 

802B 


8035 

C021 

C023 

C025 

C223 
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LCP Packet Formats 

Configure-Request 


1 01 1 

ID 1 

Length 

Configuration Options 

Confiqure-Nak 

1 03 l 

ID 1 

Length 

Configuration Options 

Terminate-Rec 

uest 

1 05 

ID 

Length 

Data J 

Code-1 

Reject 

1 07 

1 ID 

| Length 

Rejected-Packet 

Echo-Request 

09 

1 10 

Length 

Magic-Number j Data 

Discard-Request 

1 OB 

ID 

Length 

Magic-Number | Data 


LCP Configuration Options 

Maximum-Receive-Unit 


01 

04 

- 7^T. 1 Default 1500 

MRU J decimal 

Authentication-Protocol , 

1 03 

Length 

UtMaun io 11 y 

Auth-Prot Data authentication 

' - 04 CO 23 (PAP) . 

05 C2 23 05 (CHAP using MD5) 

Magic-Number 

| 05 

j 06 

. ■ ki u ^ ueiauinoiiy 

Magic-Number | magic number 

Addre: 

08 

ss-and- 1 

02 

Control-Field-Compression 

Default is no 
compression 


Confiqure-Ack 

1 02 T 

ID 

Length 

Configuration Options 

Confiqure-Reject 

g 

o 

Length Configuration Options 

Terminate-Ack 

06 

ID 

Length 

Data 

Protocol-Reject _ ,- 

| 08 

ID 

Length 

Rej’d-Protocol j Rej’d-lnfo 

Echo- 

teply 

1 0A I 

ID 

Length 

Magic-Number] Data 

Asvnc-Contro 

1 -Character-Map 

1 02 

1 06 

1 Default is 

Async-Map |FFFFFFFF 

Quality-Protocol 

04 

Length 

i Qual-Prol 

L/ciauu io 

t Data no LQM 

Protc 

3r 07 

08 

icol-Fiel 

02 

CO 25 Reporting-Perioa 

d-Compression 

Default is no 
compression 
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Troubleshooting the PortMaster Configuration 


IPCP Configuration Options 

IP-AddSsS' Pr0t0C0 '" Sim “ ar '° LCR eXCep ' “O' 8 1 ' h ™8» ^ are used. 

IP-Compression-Pro tocol 

Deprecated 


01 

0A 

Source-IP-Address 

Destination-IP-Address 


P-Address 




02 Length Compress-Prot I Data 


03 


06 


Default is no 

__ compression 

06 00 2D Max-Slot-ID Comp-Slot-ID 

(Van Jacobson Compressed TCP/IP) 


IP-Address 


No Default 


PAP Packet Formats 

Authenticate-Request 


01 

!£ j 

| Length 

IDLen 

Peer-ID 

PwLen 

Password 


Authenticate- 

Mak 

1 03 

1 ID 

Length MsgLerj Message 


Authenticate-Ack 


02 


ID 


Length 


MsgLen Message 


CHAP Packet Formats 
Challenge 


01 

r ,d 

Length 

ValSize 

Value 

Name 


Success 

1 03 1 

ID 

Length 

Message 


Response 


02 

r ,d 

Length 

ValSize) Value 

Name 




Failure 



04 

ID 

Length 

Message 
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Troubleshooting the PortMaster Configuration 


Tracing Packets 


The ptrace command allows you to see packet information as it passes through the 
JortMaster Filters are used to define which packets you want to view. The ptrace 
command uses the name of a filter as its argument. All packets 

PortMaster are evaluated against the selected filter, excep ^Th e filter a^e 
generated by the PortMaster itself. Packets that are permitted by the filter 
displayed on the console with the following packet information. 

• Source address of the packet 

• rioctinaHnn address of the packet 


• Protocol ... . 

• Other protocol specific information, including source and destination port 

Filters are used to narrow the ptrace output to only those packets of interest, 
If no filter is specified with the ptrace command, packet tracing is disabled. 



Note - If you are using ptrace through an administrative telnet session, your filter 
about the packets being generated. 


The following example uses a filter that denies all telnet packets while allowing all 
other IP traffic for evaluation 


Command> add filter all 
Command> set filter all 
Coiranand> set filter all 
Command> set filter all 
Command> ptrace all 


1 deny tcp src eq 23 

2 deny tcp dst eq 23 

3 permit 


To stop viewing packet trace information, type. 


Command> ptrace 
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Backing Up the PortMaster Configuration 


Smln^dable'form but ca" 'terlid ^ ^ “ P ' The backup fflc is in 

function of PMconsole, which calls pminstS? ^jl ^ 111311311 Program or the install 

# mv output_file /usr/portmaster/data 


Port State Verification 

aTXd“^ - m odems are 

of carrier detect (CD) floats hi>h ™ • 3 behavior because the value 

attached with &-d cot a a uew boards, as soon as modems are 

d COntrGl tUrned ° n f ° r the P ° rt ' the ports should 
page 3-6. ' 6 informatl on about port states, refer to Table 3-2 on 


Debugging Network Problems 
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Troubleshooting the PortMaster Configuration 


Administrative Telnet Sessions 

The PortMaster supports up ^yon^ZmZrlndZ^nT 

s ow g f4r»rtc tn that Dort Reset any connections that are stale by 

for administrative connections to that port, i^esei any 

typing 'reset n# - where # is the handle from the first column of the 
"show netcon" output. 

~~ r 


Diagnostic Mode 


To force the PortMaster SO port into diagnostic mode, follow these steps: 

1. Attach a terminal to the console port SO using a null modem cable. 

Configure the terminal for 9600 8N1. For more information, refer to the Hardware 
Installation Guide that came with your PortMaster. 

2. Raise the Console DIP switch #1 left-most, on the back of the PortMaster to pot 
the console into Diagnostic Mode. 

Refer to your Hardware Installation Guide for detailed information about the 
PortMaster DIP switches. 

3. Turn the power on and observe the diagnostic output. 

Tf the PortMaster completes its diagnostics and produces a login: prompt then the 

on diaenostic boot messages. 
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Forgotten Passwords 


revision is F or earlier, follow the instructions in "Booting ftomfoe Network°Ltod' 
&es™"^ version i,K or ,a,er. 

'' page e it e io POrtMaS ' er “ diaSn ° Stic mode “ described in "Diagnostic Mode" on 

2 ' and'a piwsword'of^override 6 P ° r,MaS ' er C ° nS<>le ta * ta —■ -root 

A 16-character encrypted challenge is displayed. 

encrypted'response TaChn * Ca * SUPP ° r ' f " ,he »PP«>P™>e 16-character one-tinte 

ofthkguTdo° n ab ° U ' “ n,aC,in8 TeChniCa ‘ Su PP ort - *e page xxxii in the Preface 

4 g L .r t; ssss^ ir«he xzi thc ,6 ' charMer «*— 

5. Change the administrative password using the set password command 

6. Type the save an command to save the new password nonvoiatiie memory. 


3. 


Forgotten Passwords 
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Booting from the Network 


• r .v, r?T aqh RAM on vour PortMaster becomes 
S5 l”srco4 t « -y o f the lowing occur: 

• Your PortMaster never reaches the login: prompt during self diagnostics w 

DIP switch #1 is UP. . , 

• A checksum error on the ComOS is reported during the diagnostic boot proces . 

run out of file descriptors. . 



Note - Network booting only works if you have a host on the ^ pportS 

TFTP. Otherwise, you must boot from the PROM monitor using the download 

command. 


Network Booting 

u you have determined .ha, i, is necessary to boot your PortMaster from .he network, 
follow these steps: 

1 pTp the appropriate net-bootable ComOS, by typing. 

% ftp ftp.livingston.com 
Name : anonymous 

Password: your email address 
ftp> binary 

ftp> cd pub/livingston 
ftp> get README. NETBOOT 
ftp> quit 

2. Read the README.NETBOOT file to determine which net-bootable ComOS to 
download using FTP. 

The ComOS is referred to as GENERIC.OS in the rest of this example. 

3. Repeat step 1 to download the appropriate GENERIC.OS. 
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‘ SS*F"“ : -i=sa^sssr. 

5. Start the rarpd service, if it is not already running, by typing: 


% rarpd -a 





page U 19 b 16 0t h ° St d ° eS ^ RARP ' USe the P rocedures in "PROM Booting" 

6. Set up TFTP on your boot host by typing: 


on 


8 . 


% umask 22 
% mkdir /tftpboot 

% mv GENERIC.OS /tftpboot/GENERIC .OS 
% cd /tftpboot 
% In -s . tftpboot 


This procedure should be done even if your host does not support RARP. 

oTsZ mT 2 ' PM ; 2E ' ™‘ 2R - ° r PM ' 2ER from the network, the file 
C. OS should be moved to /tf tpboot/GFNFRTp dmo if i 

an IRX from the network, the GENERIC. OS file should be moved hT 316 °° tm8 
/tftpboot/GENERIC.IRX. 

SSHr-'-si-ssaj- 

power*srvitdi ON.°°* ( * 21 D ' P SW “ Ch °" ““ *» W and turn the 


9. Boot the PortMaster and login as ! root with no password. 
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/usr/portmaster/pmreadconf pm. 


\_name pm_password output_file 


There have been occasions when something in the configuration corruptted_ the 
FLASH RAM. If this is the case, reconfigure your PortMaster comp e e y y 
have installed the new ComOS in FLASH RAM. 

U. To erase the configuration information stored in FLASH RAM, do one of the 
following on the PortMaster console: 

_ If you are running ComOS 3.0, 3.0R, or later, type: 


Command> 


set register Oxffff 0x0102 


After about thirty seconds, the following message is displayed. 


Successfully formatted FLASH 2 


- If you are running ComOS 2.4 or older, type: 

Command> set register Oxffff 0x0f02 

After a few moments, the following message is displayed: 


Successfully formatted FLASH 2 


Then type: 

Command> set register Oxffff 0x0f03 

After a few moments, the following message is displayed: 


Successfully formatted FLASH 3 
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is co^ed! r i^”' nS thiS procedure bKause tbe ComOS in the FLASH RAM 

Command> set register 0xffff0x0f63 | 

After about 30 seconds, the following message is displayed: 

| Successfully formatted FLASH 99 



Caution - This command formats all four FLASH rhir. c 

ComOS. Do no, reboot the PortMaster until "* en,ir<i 

These procedures have reformatted the FLASH RAM on the PortMaster. 

12 ‘ L^ouTa^onnmto 6 XT* *° T ^ 

on one of your workstations, by typing: § Mcons °le program installed 


Command> ifconfig etherO address 192 . 168 . 200.1 




Command> ifconfig etherO netmask 255 . 255 . 255.192 


13. To install the new ComOS into the FLASH RAM m* * 

workstation and select the Upgrade option from yOUr 

Jortand reirz Dl^wiS^to'thel'"' 0 ''' 1“ from ,he 

the PortMaster power to reboot the PortMas™ 3 “ Pera '"' 8 P osl,,ons - T “™ on 

cnnZ thi J Sh ° Uld be W ° rking 3t thiS point You must now reenter your 
configuration parameters. y 
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PROM Booting 

n . . with PROM leve l F a feature has been added that allows you to boot using 

SrOM^ tead o, RARE y£ can either boo, from ,he tftpd daemon, or you can 
^d fcom«Tom your workstation to .he consoie port on the PortMaster over a 

serial cable and. boot from tbat. 

If you have determined from the previous section that i, is necessary to boot your 
PortMaster from PROM, follow these steps: 

Note - This procedure only works with PROMs of level F or higher. The PROM version 
is displayed at boot time if the console port is in diagnostic mode. 



1 . 

2 . 

3. 

4. 


Place the PortMaster in diagnostic mode as described in "Diagnostic Mode" on 
page 19-10. 

Attach a terminal to the console port of the PortMaster. 

Turn the power switch to ON. 

As the PortMaster starts to boot, press [ESC] or type *[ to display a > prompt. 

The commands shown in Table 19-4 are now available. 


Command 

Description 

address 

netmask 

Allows you to set the address of the Ethernet interface. 
Allows you to set the netmask of the Ethernet interface. 
Default is 255.255.255.0. 

gateway 

Allows you to set the default gateway in order to boot 
from a server on another network. 

tftp 

Causes the PortMaster to issue the TFTP request to the 

boot server. 

download 

continue 

Allows you to download the ComOS using the serial 
port. 

Causes the PortMaster to continue attempting to boot 
using RARP. 
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Troubleshooting the PortMaster Configuration 


5. Enter the address of the PortMaster Ethernet port by typing: 


> address 192.168.200.1 


6. Set the gateway and netmask, if needed. 

7 ' fh?bl? s ^ r ^;Vp e ing° 0tabI,i C ° mOS 10 ' he WMk5 »* i »" y»« »»"> to use as 


% ftp ftp.livingston.com 
Name : anonymous 

Password: your email address 
ftp> binary 

ftp> cd pub/livingston 
ftp> get README.NETBOOT 
ftp> quit 


8 - iw d „Ioa7„ E st D 8 ^p NETBOOT fi ’ e * uet-bootable ComOS 

9. Repeat step 7 to download the appropriate GENERIC OS 

,he oeweric - os me sh ° uid be m -° d ” 

10. Set up TFTP on your boot host by typing: 


% umask 22 
% mkdir /tftpboot 

% mv GENERIC.OS /tftpboot/GENERIC .OS 
% cd /tftpboot 
% In -s . tftpboot 


procedure should be done even if your host does not support RARP. 

hat 8 t hVr„' e «te3«T;ad ,t ““ co„f fl,e. To 

signal to the inetd process 'etc/metd.conf hie, send a SIGHUP 
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12 . 


This procedure applies to most UNIX systems. However, the procedure for 
enabling TFTP on your system may vary. Consult your system ocumen 

Use one of the following to boot the PortMaster. conso le type- 

_ To boot the ComOS from the boot server using TFTP, on the console type. 


> tftp 192.168.200.2 


Where 192.168.200.2 is the IP address of the TFTP host that has the 
GENERIC.OS software. The PortMaster then boots using e f 

boot server. The new ComOS has not yet been loaded into the FLASH RAM 

your PortMaster. 

To download the ComOS directly through the serial line, type: 


download size 


Where size is the number of bytes of ComOS that follows. The PortMaster then 

pminstall. 

operating positions. Turn on the PortMaster power. 

This reboots the PortMaster. Everything should be working at this point. 
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Command Line Summary 


This chapter provides a summary of the syntax for all nf , 

the command line interface for ComOS3 1 4 ? 2 Tr h Jot ^ ava ^ble from 

experimental commands The ISDN refafpH 3 Z1R ' and 3 2L ' except for obsolete or 
ComOS 3.3L. ISDN-related commands are available in ComOS 3.3 and 

“rs d v r ibes ,h !“ kinds ° f ™ iuas «««— 

Device) to distinguish flreni 2ZZ ,7 “.t shown 1 m U PP«™* dike this: 

a lowercase plain font (like this: version” eyW ° r S ° f the comma nds, which are in 

^riouftocfonfmfch^ ChaP ‘ er deSCribe ' he Syntax for comm ands related to 
one keyword from the lisUhould be u'Sd’o'T- '’“I*”' barS ' Uke this: on l o££ ' where 
surreunded by square^ brackets 'hke tbL I ^ °" al P 0rh ° nS ° f 3 commimd ® 
like this: on I off. ’ [optional]. Default values are underlined 


Values 


Table 20-1 does not contain 
are used in commands. 


commands, it describes the different kinds of values 


that 


Table 20-1 Values 


Variable 

Usage 

Device 

/dev/network or a pseudo-tty on a UNIX host 

EtherO 

etherO or etherl (on IRX-211), defaults to etherO if 
omitted 

Eiltername 

strmg up to 12 characters long naming a filter 

Group 

an integer from 0 to 99, 0 is default 

Handle 

n followed by a number, with no space between them 

Hex 

hexadecimal number with leading Ox 

| Interface 

-interfacejypecification, e.g. etherO, frml, ptpl, frmWl, ptpWl 


Values 
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Table 20-1 Values (Continued) 


Variable 


Usage 


Ipaddress 

Ipmask 

Ipxaddress 

Ipxnetwork 

Isock 

I type 

Locname 

MTU 

Metric 

Minutes 

ModemName 

NM 


Number 
Password 
Rule Number 

50 

51 
S10 

Seconds 

String 

Tport 

Uport 

Username 

W1 


IP dotted quad or hostname 

dotted quad with l's in high order bits, 0's in low order bits 
IPX address in hex format Ipxnetwork:node 
32-bit hexadecimal number 
IPX socket 

ICMP packet type, 0 or higher 

string up to 12 characters long naming a location 

integer from 100 to 1500 

integer from 1 to 15, defaults to 1 

integer from 0 to 240; note that 1 has special meaning 

Modem table entry 

integer 0 to 32, expressing the number of high-order bits set to 

1 in a netmask 

number 0 or higher 

string up to 16 characters long 

integer 1 or higher 

any async port s0-s29, or all 

any async or sync port s0-s29, wl, or all 

ISDN port sl-s2 or sl0-s29, depending on model 

number 0 or higher 

string of ASCII characters 

TCP/IP port, integer from 0 to 65535 

UDP/IP port, integer from 0 to 65535 

string up to 8 characters long naming a user 

any sync port sl-s4, wl, or all____ 
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Command Line Summary 


General Commands 


™ e o 8enerai * d “- - 

Table 20-2 General Commands 


Command Syntax 


version ---- 

reboot 

quit 

done 

exit 

help 

ifGonfig intertaoe [ address Ipaddress ] [ netmask Ipmask 1 

destination Ipaddress ] [ i pxne t Ipxnetwork ] 

[ lpxframe e theme t_8 02.2 | ethernet_802_ii | ethernet 802 3 I 
ethernet_u ) [ up , , down , , p rivat L , , 

dial Locname [ -x ] 

ping [ Ipaddress ] 

traceroute [ Ipaddress ] 

ptrace [ Filtername ] 

pmlogin Ipaddress 

rlogin Ipaddress 

telnet Ipaddress 

set debug Hex 

set debug isdn [ on | off ] 

set register Hex Hex 

set console [ SC^pO ] 

^uttTsJTiuiJ; 111 console 1 £ilter |host 1 mpo i 
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Command Line Summary 


Table 20-2 General Commands (Continued) 


Command Syntax 


reset Handle | SO | Wl | all | console | dialer | me | pO 
show all 

show arp Interface 
show global 
show ipxroutes 
show memory 
show netconns 
show netstat 
show routes 
show sap 
show sessions 

show table filter|host[location|netmask|snmp|user_ 


Global Configuration 


Table 20-3 contains all the global configuration commands that affect the entire 
PortMaster. For more information about global commands, refer to Chapter 4, 
"Contieurina a PortMaster." 


Table 20-3 Global Configuration Commands 

Comman d Syntax ___ 

show global 

set password Password 

set telnet Tport 

set host [ 11 2 | 3 1 4 ] Ipaddress 

set loghost Ipaddress 
set namesvc domain|nis 
set nameserver Ipaddress 
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Command Line Summary 


Table 20-3 Global Configuration Commands (Continued) 
Command Syntax 
set domain String 
set gateway Ipaddress Metric 
set default on|off|broadcast|listen 
set assigned_address Ipaddress 
set reported_ip Ipaddress 
set netbios on[ off 
set pap on|off 

set maximum pmconsole Number 
[_set isdn-switch att-5e SS |5ess|dms-100Ini-1 

RADIUS Client Configuration 


not found in the PortMaster User Table Form™ • c ecurity °n and a user is 

i r uber laoie. tor more information about R ADTT tq 

mmands, refer to the RADIUS Administrators Guide. 

Table 20-4 RADIUS Client Commands 


Command Syntax 

set authentication_server Ipaddress 
set alternate_auth_server Ipaddress 
set accounting [ 2 ] Ipaddress 
set secret Password 


RADIUS Client Configuration 
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Command Line Summary 


Ethernet Configuration 


mmmands. refer to Chapter 5, “Configuring the Ethernet Interface. 


Table 20-5 Ethernet Interface Commands 

Comman d Syntax ___ 

set EtherO address Ipaddress 

gg£ EtherO netmask Ipmask 

set EtherO broadcast high|low 

set EtherO routing on|broadcast|listen|off 

set EtherO ipxnet Ipxnetwork 

set EtherO ipxframe ethernet_802.2|ethernet _802 . 3 |ethernet_ii 

set etherO ip up|dovm|enabled|disabled 

se t etherO ipx up 1 down 1 enabled | disabled --_- 

1. This command is nly available on etherO port, even on the IRX-211 


Asynchronous Port Configuration 


commands, refer to Chapter 6, “Configuring an Asynchronous Port. 


Table 20-6 Asynchronous Port Commands 

Comman d Syntax ______ 

show all 
show SO 
save SO 

set SO extended on | ofj. 
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Command Line Summary 


Table 20-6 Asynchronous Port Commands (Continued) 


Command Syntax 


set SO login [ device Device ] 

[ network dialin|dialout|twoway ] 

set SO device Device [ network dialin|diaiout | twoway ] 
set SO twoway Device [ network dialin|dialout|twoway ] 
set SO network dialin|dialout|twoway 
’ set s0 network hardwired 

“ .“.W, oUoijiLr 1600 1 1200 I 2400 I 4800 19200, 

set SO parity even|npn£|odd|strip 

set SO databits 5|6|7|£ 

set SO stopbits 1|2 

set SO xon/xoff on|off 

set SO rts/cts on| off 

set SO override xon|rts|speed|parity|databits on|pff 

set SO modem|cd on| off 

set SO modem ModemName 

set SO group Group 

set SO idletime Minutes 

set SO security on| off 

set SO message String 

set SO prompt String 

set SO username|autolog String 

set SO hangup on| off 

set SO dialback_delay Seconds 

set SO dtr_idle on I off 
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Command Line Summary 


Table 20-6 Asynchronous Port Commands (Continued) 

Comma nd Syntax --- 

set SO service_login netdata| portmaste r|rlogin|telnet 
[ Tport ] 

set SO service_device netdata1 portmaste r1rlogin|telnet 
[ Tport ] 

set SO host default I prompt| Ipaddress 
set SO access on|a££ 
set SO termtype String 
set SO ifilter Filtername 

• set SO ofilter Filtername 

• set SO protocol slip|ppp 

• set SO address Ipaddress 

• set SO netmask Ipmask 

• set SO destination Ipaddress [ Ipmask ] 

• set SO mtu MTU 

• set SO routing pn|off|broadcast|listen 

• set SO ipxnet Ipxnetwork 

• set SO compression on|off_ 


Synchronous Port Configuration 


The commands shown in Table 20-7 are used to configure synchronous serial ports. 
C«ds maied w"* a leading bullet (•) can only be used if the port .s conhgured 
for network hardwired operation. For more information P 

commands, refer to Chapter 7, "Configuring a Synchronous WAN Po . 

Table 20-7 Synchronous Port Commands 


Command Syntax 


show all 
show Wl 
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Command Line Summary 


Table 20-7 Synchronous Port Commands (Continued) 


Command Syntax 


save W1 

set W1 extended on| off 

set W1 network dialin|dialout|twoway|hardwired 
set W1 protocol ppp 

• set W1 protocol frame 

• set W1 address Ipaddress 

• set Wl netmask Ipmask 

set W1 destination Ipaddress [ Ipmask ] 

• set Wl ipxnet Ipxnetwork 

• set Wl routing on | off|broadcast|listen 

• set Wl ifilter Filtername 

set Wl ofilter Filtername 

9 set Wl mtu MTU 

• set Wl lmi |annex-d Seconds 
' set Wl dlci Dlci_list 

set Wl group Group 
set Wl hangup on|off 
set Wl idletime Minutes 
set Wl modem|cd on| off 

114 , 4 °° 119200 1 38400 I 57600 I 760 »0 I U5200 

56000|64000|l344k|l536k|2048k|tl|tle|el 

set Wl encode nrzlnrzi 
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Command Line Summary 


ISDN Port Configuration 


ISDN BRI ports can be configured similarily to synchronous and ^cluonous (V. 12 °) 
nnrts In addition there are commands that allow you to configure the SPID and 
^optionally) the directory number (DN). The ISDN port configuration commands are 
shown in Table 20-8. For more information about ISDN port commands, refer 
Chapter 18, "ISDN Connections." 


Table 20-8 ISDN Port Commands 

Command Syntax 

show all 
show S10 
save S10 

set S10 extended on|pf£ 

set S10 login [ device Device ] 

[ network dialin|dialout|twoway ] 

set S10 device Device l network dialin Idialout | twoway ) 

set S10 twoway Device [ network dialin | dialout | twoway ] 

set S10 network dialin |dialout|twoway 

set S10 spid String 

set S10 directory|dn String 

set S10 group Group 

set S10 idletime Minutes 

set S10 security on|pf£ 

set S10 message String 

set S10 prompt String 

set S10 username |autolog String 

set S10 hangup on|off 

set S10 dialback_delay Seconds 

set S10 service_login netdata | portmaste r| rlogin|telnet 
[ Tport ] 
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--- Command Line Summa ry 

Table 20-8 ISDN Port Commands 

Command Syntax - 

SSt [ T CS - deVlCe " etdata 1 ““ l rl °9in| telnet 

set S10 host d efault |prompt| Ipaddress 
set S10 termtype String 

set S10 if liter Filtername ___ ^ 

Parallel P ort Configuration 

T*e commands shown in Table 20-9 allow you to configure the parallel port PC. 

Table 20-9 Parallel Port Commands 

Command Syntax ~ -- 

show p0 ~ - 

save p0 

set pO extended on|off 
set pO device Device 
set pO disabled 

set t p ;:rr- device netdata i <=« i n«gi„ i 

set pO host default| Ipaddress 

set pO d isconnect Seconds |infinity 

----- 


Parallel Port Configuration 
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Command Line Summary 


DLCI Table Configuration 


The commands shown in Table 20-10 allow you to configure the DLCI table, which is 
A tn cnlit a Frame Relav interface into two subinterfaces. For more information 
ReUv coS. refer fo Chapfer 16, -Synchronous Frame Relay 


Connections." 

Table 20-10 DLCI Table Commands 

Command Syntax __ 

show location Locname 

add dlci Locname Dlci [ Ipaddress ] 
add ipdlci Locname Dlci [ Ipaddress ] 
add ipxdlci Locname Dlci [ Ipxnetwork ] 
delete dlci Locname Dlci 

delete ipdlci Locname Dlci _ 


Host Table Configuration 

The commands shown in Table 20-11 allow you to configure the host table inside the 
PortMaster in cases where DNS or NIS is not available. 

Table 20-11 Host Table Commands 


Command Syntax 


show table host 

save host 

add host Ipaddress String 

delete host Ipaddress|String 
---- 
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Command Line Summary 


Filter Table Configuration 


Chap^o,’^Configuring Klte^ ,and ** m ° re informa,io '’ ““"8 «lters, refer (o 

Table 20-12 Filter Table Commands 


Command Syntax 

show table filter 
show filter Filtername 
save filter 
add filter Filtername 
delete filter Filtername 

set filter Filtername RuleNumber permitldeny 
1 Ipaddress/NM Ipaddress/NM ] [ log ] 

set filter Filtername RuleNumber permitldeny 

^ dd ^ss/tVM Ipaddress/NM ] top [ src eq|lt|gt Tport ] 

1 dst eq | It | gt Tport ] [ established ] [ log ] 

set filter Filtername RuleNumber permitldeny 

: j r 1 src e9,itiat > 

set filter Filtername RuleNumber permitldeny 

Ipaddress/NM Ipaddress/NM ] icmp [ type Itype ] [ log ] 

set ipxfliter Filtername RuleNumber permitldeny 
[ srcnet Ipxnetwork ] [ srchost Ipxaddress ] 

dsrh° C r e r Sq|gt|lt Isock ] [ dstnet Ipxnetwork ] 

[ dsthost ipxaddress ] [ dstsocket eq|gt|lt Isock ] 

set sapfilter Filtername RuleNumber permitldeny 
server String ] [ network Ipxnetwork ] 

-E - g st dpxaddress^ ] [ socket eg|gt|lt Isock ] 
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Command Line Summary 


Location Table Configuration 


The commands shown in Table 20-13 are used to configure the Location Table us 
specify network dial-out locations. For more information about Location 
commands, refer to Chapter 9, "Configuring Dial-Out Locations. 


Table 20-13 Location Table Commands 

Comma nd Syntax ____.- 

show table location 
show location Locname 
save location 
add location Locname 
delete location Locname 

set location Locname continuous|manual|on_demand 
set location Locname protocol slip|PPPI frame 
set location Locname destination Ipaddress 
set location Locname netmask Ipmask 
set location Locname ipxnet Ipxnetwork 

set location Locname routing on | off|broadcast|listen 

set location Locname group Group 

set location Locname map Hex 

set location Locname compression on|off 

set location Locname mtu MTU 

set location Locname script|v25bis RuleNumber String String 

set location Locname maxports Number 

set location Locname high_water Number 

set location Locname idletime Minutes 

set location Locname ifilter Filtername 

set location Locname ofilter Filtername -_-- 
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Command Line Summary 


Table 20-13 Location Table Commands (Continued) 

Command Syntax 

_set location Locname multilink on |off 

Modem Table Configuration 


in form pi firm *1™ * r- • 2U ~ 6 * or additional information. For more 

^„™“r° nfigUr,n8 m ° dem8 ' ref “ *° Cha P*“ * »n 


Table 20-14 Modem Table Commands 

Command Syntax 

show table modem 
show modem ModemName 

add modem ModemName String Speed String 
I dslste modem ModemName 

Netmask Table Configuration 


Table 20-15 Netmask Table Commands 


Command Syntax 

show table netmask 
save netmask 

add netmask Ipaddress Ipmask 
delete netmask Ipaddress 


Modem Table Configuration 
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Command Line Summary 


Route Table Configuration 

, , _ •„ T , i p 20-16 allow vou to add and remove static routes to the 

""I""” command U. sta«c rou.es with .he HS (for hos.) 

and NS (for network) flags. 

Table 20-16 Route Table Commands 


Command Syntax 


show route 
save route 

add route Ipaddress Ipaddress Metric 
delete route Ipaddress 

add ipxroutes Ipxnet Ipxaddress^ Metric Ticks _ 


SNMP Configuration 


The commands shown in Table 20-17 allow you to configure the PortMaster as an 
SNMP agent. Use caution if you are allowing SNMP writes. 

Table 20-17 SNMP Commands 


Command Syntax 


show table snmp 
save snmp 

set sysname String 
set snmp on|off 

set snmp readcommunity|writecommunity String 
add snmphost reader[writer any)none1 Ipaddress_ 
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Command Line Summary 


User Table Configuration 


The commands shown in Table 20-18 allow r* , 

to authenticate dial-in users RADIUS ran I u COn lgure the User Table that is used 
however, the User Table's coated P “w'° aU,henfc » te dial-in users; 
commands, refer to Chapter 8, "Configuring oS-to UsT^”" abOU ' ^ 

Table 20-18 User Table Commands 

Command Syntax 

show table user 
show user Username 
save user 

add netuser Username [ password Password ] 
add user Username [ password Password ] 
delete user Username 

set user Username password Password 
set user Username dialback Locname | String 
set user Username host default|prompt| Ipaddress 

Se \"r" S SerVlCe netdata l portmaster Irlogin| telnet 
set user Username protocol slip|pp p 

set user tfeernaara destination Assigned|Negotiated!Ipaddress 

set user Username netmask Ipmask 
set user Username ipxnet Ipxnetwork 
set user Username routing on|off|broadcast|listen 
set user Username compression on|off 
set user Username ifilter Filtername 

set user Username ofilter Filtername 

set user Username mtu MTU 

set user Username map Hex 


User Table Configuration 
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A 

agent 


alias 

Annex-D 


ARP 

ASCII 

AUTOEXEC.BAT 


A software program installed in a managed network device. An agent 

“ d KSp ° ndS to ** —ser's roquest 

A name assigned by the user to a hub or node. 

Refers to the ANSI T1.617 Frame Relay Annex D version of the LMI (Local 
Management Interface) protocol. The Annex-D protocol has a more 

developecUater^ Cisco/Stratacom LMI, but was 

Recent versions of the PortMaster software support either type of LMI 
Barber versrons supported only the Cisco/sJtecom 

Address Resolution Protocol. This protocol discovers physical hardware 
givTntde eSSeS COrreSp ° nd to the high-level IP address for a 

American Standard Code for Information Interchange A standard 8 bit 
code commonly used by computers and communicationsIqufpmem 

process 1 ^ aUt ° matiCally read and 6Xecuted b y DOS during the startup 


B 

baud 


B-channel 

BONDING 


The number of discrete signal events per second occurring on a 
communications channel. Although not technically accurate baud 
commonly used to mean bit rate. 

A 64Kbps synchronous channel that is part of an ISDN BRI. 

Bandwidth ON Demand INteroperability Group. A method for 
combming two B-channels into a single 128Kbps channel. 


is 


G-l 








Glossary 


booting 

bps or b/s 
BRI 

broadcast packets 

c 

click 

client-server environment 

committed information rate 
community strings 

console port 
CRC errors 

CSU 

D 

DCE 

DDE 

G-2 


The process in which a device obtains information and begins to process 
it to attain a state of normal operation. 


Bits per second, a unit for measuring the data rate. 

Basic Rate Interface. ISDN interface that consists of two 64Kbps 
B-channels for voice or data and one 16Kbps D-channel for signa g. 

Packets that are sent to all network nodes. 


To position the mouse pointer on an object, then press and release the left 
mouse button. 

An environment where a computer system or process requests a service 
horn another computer system. For example, a workstation may request 
services from a file server across a network. 

The minimum bandwidth guaranteed to be available if required on a 
Virtual Circuit. (Guaranteed Bandwidth) often called UK. 

Community strings can be assigned to SNMP agents and are used to 
restrict access to lose devices. SNMP community strings include read 
community and write community. 

A serial port on a PortMaster, used to set its IP address using a terminal 
and for configuration. 

Cyclic Redundancy Check errors. These errors can indicate problems 
with source station hardware, receivers, retimmg modules/repeaters, 
bridges, cabling, or transceivers. 

Channel Service Unit. An ancillary device neededto adapt.the -V35 
interface to a port on a telephone carrier switch. The CSU place 
hofwppn the DTE and the switch. 


Data Communications Equipment, such as a modem. 

Dynamic Data Exchange. A form of interprocess co^uiu^^^^ 
shared memory to exchange data between applications, pp 
.• j_i _nr Ancmino' exchanees. 
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Glossary 


DLCI 


DLL 

DMA 

DOS 

DRAM 

DSU 

driver 

DTE 


Mrticu W Pv? neCti ° n Ident , ifier ' A Uni ^ ue number *at represents a 

network As^heT 3 partlcular P h y sical segment of the Frame Relay 
the frame is passed through each switch, the DLCI is 

SG b«hTT y ' automa ! icaU y l>y the switch. A DLCI identifies a 
circuit m both directions, not a destination or source. 

Dynamic Link Library. Windows automatically loads the applications 

other a e ppS.ro!S n ““ Un ' MdS them When s P a “ is for 

bj a mkroprSe^T' '° C ° mpUter memor y no ‘ medlaM 

JSScompute? eratin8 SyS,6m by IBM and “ m P alibIa 

kkg"“ d „r ^ Mem0ry A ,5 ' Pe ° f mem0r y com P“‘“ 

Digital Service Unit. An ancillary device needed to adapt the V.35 
interface on a port to a leased line or Frame Relay switch. 

A software module that controls an input/output port or external device 
such as a keyboard or a monitor. TCP/IP uses a driver to control the 
network interface cards. tne 

Date Terminal Equipment, such as a terminal. PortMaster serial ports are 


E 

echo test 
Ethernet 


s A N d ~ t6 f “ sed to check network reachability in which an ICMP or 
SNMP test packet is sent to elicit a standard response. 

A network communications system developed and standardized by 
Digital Equipment Corporation, Intel, and Xerox using baseband 7 

^TsuccTsor mET/ 02 ?r C d S 'i OSiCal !T tOP °" C ° axial cable - 
into the nt?T E ^ E f 80 J 3 Standard provides for integration of Ethernet 
_ OSI model and extends the physical layer and media with 

repeaters and implementations that operate on fiber optic cable 
broadband, and unshielded twisted pair. 
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Glossary 


F 

FRAD 


frame 


FTP 


Frame Relay Asynchronous Device. A special kind of CSU/DSU that 
iakeTan asynchronous SUP (sometimes PPP) connect.on and turns it mto 
a single PVC for Frame Relay. 

A packaging structure for network data and control information A frame 
consists of the destination address, source address, length field, data, pad 
and fame check sequence. The 802.3 standard for Ethernet specrf.es that 
the minimum size data frame is 64 bytes and the maximum size da a 
ic 1518 bvtes. 


File Transfer Protocol. FTP is a TCP/IP protocol used to log onto a 
network host, list directories, and transfer files. 


G 

graphical user interface 
GUI 


See GUI. 


Graphical User Interface, 
representation of various 


A software interface that is based on a graphical 
elements. PMconsole has several different 


GUIs. 


H 

hop 


A router-to-router transmission required when a data packet must be 
routed to a remote network. 


I 

icon 

ICMP 


in-band signaling 


\ graphic symbol on a user interface display. 

Internet Control Message Protocol. This part of the Internet Protocol (IP) 
“or generation of error message*, test packets, and mformational 
messages related to IP. This protocol is used by the ping « “ 

an ICMP Echo Request to a network host, which replies with an ICMP 

Echo Reply. 

Signaling over a network. 
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Glossary 


interface 

Connection and interaction between hardware, software, and the user An 
mterface ts achvated by programming language commands and 

“ erfa “ be * Ween COmp ° nen,S " a * 

internet 

A network of networks. 

Internet 

a™"^ 0 * ° f netW ° rks - stretchi "8 worldwide to millions of computers 

IP 

The Internet Protocol defined in RFC 791. 

IPCP 

IP Control Protocol. A protocol used by PPP for establishing and 
configuring an IP link over PPP. 6 

IPX 

The Internet Packet Exchange protocol defined by Novell, Inc. 

IPXWAN 

0? N f W ° rk P rotoco1 ' used to establish and configure an IPX 

link over PPP, as described in RFC 1634. 8 

ISDN 

delfoneH 1 ! Se n ViCe l Digital Network - A digital communications standard 
designed to allow the transmission of voice, data, images, and video over 

existmg copper phone lines. 6 eoover 

ISO 

International Organization for Standards. The international organization 
at sets standards for network communication protocols. 

K 

KB 

Kilobyte(s). 1024 bytes. 

Kb 

Kilobits, 1024 bits. 

Kbps 

Kilobits per second. 

L 

LAN 

Local ^a Network. A local collection, usually within a single building 

bvclbhnv i U §S ' ° f PerS ° nal COm P Uters and other devices connected 

by cablmg to a common transmission medium, allowing users to share 
resources and exchange files. 6 

LCP 

Link Control Protocol. Used by PPP for establishing, configuring and 
testmg the data-link connection. 8 & 
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Glossary 


LED 

line speed 


LMI 


local area network 


Light Emitting Diode. 

The speed of the physical wire attached to the interface or interface 
hardware. The line speed is 10Mbps for Ethernet and } 

Fractional T1 is often implemented with a wire speed of T1 (1.544Mbps) 
and a lower port speed. See also port speed. Upgrading lme speed is 
generally a hardware change. 

Local Management Interface. Aprotocol used to communicate link status 
and PVC status in Frame Relay. There are two types of LM ava * a ® 
Frame Relay; the original proprietary Cisco/Stratacom LMI, an 
ANSI T1.617 Annex-D LMI. In the PortMaster, LMI refers to the 
Cisco/Stratacom implementation. See also Annex-D. 

See LAN. 


M 

MAC address 


Media Access Control address. A unique 48-bit binary number (usua y 

represented as a 12-digit hexadecimal number) encoded in the circui ry o 
a device to identify it on a local area network. 


management 

management 


[formation base See MIB. 


ation 


A workstation or PC capable of retrieving and analyzing statistical 
. r _l: — n^hATnrlpH mMMP a v T ents■ 


MB 
Mb/s 
menu bar 


MIB 


Microsoft Windows 
modem 


legabyte(s). 1,048,576 bytes. 

legabits per second, a unit for measuring data rates. 

m area at the top of a Microsoft Windows display, below the title bar 
hat displays the names of pull-down menus the user can select with the 

nouse. 

Management Information Base. A set of parameters that an SNMP-based 
nanagement station can query from the SNMP agent of a networ 
ievice. 

rhe graphical user interface for the IBM and compatible personal 
zomputers. 

A modulator-demodulator; a device that converts between the digital 
signals used by computers and analog signals that can be transmitte 
over telephone lines. 
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Glossary 


mouse 

A pointing device, usually containing more than one functional button. 

MS-DOS 

Microsoft Disk Operating System. A version of DOS used by IBM- 
compatible personal computers. ^ 

N 

network 

A collection of computers, terminals, and other devices and the hardware 

network management 

In the OSI model, the five functional application areas of accounting 
management, configuration management, fault management § 

performance management, and security management 

NIC 

Network Information Center. An organization that provides information 

E^^JT*** technologies - NIC also is an 

NOC 

Network Operations Center. 

node 

A device, such as a personal computer, server, switching point, bridge or 
See sSn t0 3 3t 3 Single location; a1 ^ called station. 

NTl 

An ISDN term that identifies the customer-end termination of the local 
phone company wires (local loop). 

o 

ODI 

Open Datalink Interface. Novell's extension to its Open Datalink 
n erface specification. ODI isolates the protocol stack from the network 
connectivity 6rS 3 ^ [lowin % hardware independence for network 

out-of-band 

^°!f C , onnection ' or a connection outside of the connected networks 
established over a modem. This connection is useful when network 
communications are not available. 
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Glossary 


P 

packet 
partition 
physical circuit 
ping 

port 

port speed 

program manager 
PVC 

R 

RARP 

RFC 

router 

RS-232 interface 
runt packet 
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A unit of data sent across a network. 

Electronic isolation of an Ethernet device from network communications. 
A physical connection between two devices. 

Packet INternet Groper. A program that is useful for testing and 
debugging networks Ping sends an ICMP echo packet to the specrfted 
host and waits for a reply. Ping reports success or failure and statrstrcs 

about its operation. 

The physical channel or connection through which data flows. 

The rate at which data is accepted by the port at the end of the wire. 
Specifically, in Frame Relay, or other fractional T1 applications, it is 
common to have a T1 line between the site and the telecommunications 
provider but the telecommunications provider only accepts the number 
of bits per second ordered by the customer into the port on its equipmen . 
Upgrading port speed is generally a software change. 

The main display in Microsoft Windows, from which the user selects 
functions and manages applications. 

Permanent Virtual Circuit. A circuit that defines a permanent connection 
in a switched digital service, such as Frame Relay. Frame Relay is the on y 
swhS^dtghafservice that uses PVCs supported by PortMasters. 


Reverse Address Resolution Protocol. A protocol used in network routers. 

Request For Comments. A document that describes Internet standards 
such as the Internet Protocol (IP). 

A device that connects two or more networks and can direct traffic based 
on network resource availability. 

A standard for data communication using serial data and control signals. 


A packet with a frame size between 8 and 63 bytes with FCS or alignment 
errors. The runt packet is presumed to be a fragment resultmg from a 
collision. 
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S 


serial port 

A bidirectional channel through which data flows one bit as a time 
Asynchronous serial ports most often use 10 bits for a character of data 
including 1 start bit, 8 data bits, and 1 stop bit. 

server 

A computer or a specialized device that provides and manages access to 
shared network resources, such as hard disks and printers. 

SNMP 

^ P !i Network Management Protocol. This protocol is defined in RFC 
1157. This protocol relates to management of devices on IP networks. 

SPID 

Service Profile Identifier. 

station 

A device, such as a personal computer, server, switching point, bridge or 
fee node. C ° t0 3 nCtWOrk 3t 3 ^ l0Cati0ip “^ called a nS'e 

subnet mask 

A subnet mask identifies the subnet field of a network address. The 
subnet mask is a 32-bit Internet address written in dotted-decimal 
notation with ones in the network and subnet portions of the address 

SVC 

Switched Virtual Circuit. A connection established between two physical 

circuit h Z a T ° rdmary tele P hone cal1 - T he call creates a virtual 
circuit between the originator and the party called. 

T 

Telnet 

Internet standard protocol for remote terminal connection service Telnet 

IS described in RFC 854. Aemet 

terminal 

^Z keWi ! h 3 key , b0ard ' an RS ' 232 serial interface, and a display for 
communicating with a computer. ^ ^ 

terminal adapter (TA) 

A device that provides ISDN compatibility to non-ISDN devices An 
asynchronous TA turns an asynchronous bit stream into ISDN and looks 
ike a modem to the PortMaster. A synchronous TA takes a synchronous 
tream and turns it into ISDN, typically supports V.25bis dialing and 
connects to a PortMaster synchronous port. Some TAs can be configured 
for synchronous or asynchronous operation. ® 

terminal emulator 

A program that makes a PC screen and keyboard act like a video display 
terminal of another computer. display 
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TFTP 

thick Ethernet 
thin Ethernet 

twisted pair 

u 

Uinterface 

UDP 

UNIX 

V 

V.120 

V.25bis 

G-10 


Trivial File Transfer Protocol. A simplified version of FTP that transfers 
files but does not provide password protection or user directory 
capability TFTP can be used by diskless devices that keep software in 
ROM and use i, to boo, themselves. The PortMaster can be booted usrng 
RARP and/or TFTP. 

An Ethernet connection using a 15-pin D-shell connector and an AUI 
cable connected to a transceiver. Also known as 10Base5. 

An Ethernet connection where the transceivers are built into the device 
and a BNC connector with cable are used to complete the connection, 
generally using an RG-58 coaxial cable. Also known as 10Base2. 

Abbreviated UTP (unshielded twisted pair), a pair of dun-diameter 
insulated wires commonly used in telephone wiring. The wires are 
twisted around each other to minimize interference from other twisted 
pairs in the cable. Used for lOBaseT Ethernet with RJ-45 connectors. 


The ISDN interface defined as the connection between the NT1 and the 
telephone company local loop. The U interface standard is set by each 
country. The ifi nterface described in Livingston documentation refers to 


User Datagram Protocol. This protocol is defined in RFC 768. This is a 
connectionless protocol that adds multiplexing to I . 

A multiuser, multitasking operating system originally developed by 
AT&T that runs on a wide variety of computer systems. 


A CCITT standard for performing asynchronous rate adaptation into 
ISDN. 

A CCITT standard defining how to dial on synchronous devices such as 
ISDN or switched 56K. 


Configuration Guide for PortMaster Products—December 1995 






















Glossary 


V.32bis 


V.34 

virtual circuit 


w 

Windows 


* hat T nd , S ,?, e V ' 32 connectton horn 4800 bps 
bp V ' 32 ^ 1S modems fall back to the next lower speed when line 

to tb/ ^ ;T P u re ' 3n 1 fal1 back further as necessary. They fall forward 
the next higher speed when line quality improves. 

An ITU-T standard that allows data rates as high as 28.8K bps. 

A logical connection between two endpoints on a switched digital 

b ' -*«« or permanent. A sw£d 

SSS ” 3 H 25 r ,Ched 56K ««® y A pennanen. 

tual circuit (PVC) is used m Frame Relay See also PVC and SVC. 


Sith P no^ aSed ° perati ^ environment from Microsoft that integrates 
DOS to provide a desktop environment similar to the Macintosh. 
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=PAP= 9-12 


A 

access control 10-1 
access filter, setting 6-11,8-8 

adding input and output filters 5-3 
address 

assigned 8-5 
negotiated 8-5 
specified 8-5 

administrative Telnet sessions 19-10 

allowing bidirectional communications 6-18 
Annex-D 

configuration 16-9 
description of 16-3 
keepalives 7-11 
setting 7-9 
ARP 2-9 

assigned addresses 8-5 
assigned pool 4-10 
configuring 13-3 
asynchronous 

applications 1-12 
chat script examples 9-11 
permanent connections 3-16 
asynchronous port parameter 
access filter 6-11 


autolog 6-12 
compression 6-10 
console 6-12 
destination 

IP address 6-9 
netmask 6-9 
dial group 6-8 
dial-in and out 6-7 
DTR Idle 6-18 
enabling routing 6-10 
extended information 6-11 
flow control 6-18 
host 6-4 
host device 6-5 
host device value 6-5 
idle time 6-12 

input and output filters 6-10 

IPX network number 6-9 

line hangup 6-18 

login message 6-11 

login prompt 6-11 

login service 6-3 

modem control 6-17 

MTU 6-8 

network 6-7 

override 6-6 

parity 6-17 

port security 6-12 

port type 6-3 
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PPP async map 6-10 
protocol 6-8 

TCP header compression 6-10 
terminal type 6-4 

Two Way 6-6 
user login 6-3 
asynchronous ports 
configuring 6-1 
attaching 

filters 10-3 

modems to ports 6-14 
authentication process 3-5 
autolog parameter 6-12 

transactions 3-16 
chat script 

asynchronous 9-11 

description of 9-9 

send and expect strings 9-10 

V.25bis 9-12 

COMMAND status 3-6 
commands 

ifconfig 19-2 
ping 19-1 
ptrace 19-8 
reset 19-4 
traceroute 19-4 

communications servers, description of 1-3,1-5 

B 

backup 

configuration 19-9 

B-channel, definition of 7-6 
bidirectional communications 6-18 
booting a PortMaster 3-2 
booting from a PROM 19-16 
booting from the network 19-12 
boundaries of routes 4-11 

BRI port 7-6 
broadcast 5-3 
high 5-4 
low 5-4 

broadcast address, setting 5-4 

ComOS 

description of 1-7 
version number 19-3 
compression 

bidirectional 8-6 
configuration 

backing up 19-9 
overview 1-15 
steps 4-3 
testing 9-13 
tips 4-1 

configuring 

an ISP 13-1 

asynchronous ports 6-1 
modems for login 13-8 

PortMasters 4-2 

CONNECTING status 3-6 

c 

CHAP 

authentication 3-15,6-7,7-7 
authentication, ISP 12-8 
packet formats 19-7 

connection type 
continuous 9-3 
manual 9-3 
on-demand 9-3 
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connections 

dial on-demand 11-1 

dial-in 1-13 

Frame Relay 16-3 

host device 14-1 

Internet Service Provider 12-1 

ISDN 18-1 

ISDN on-demand 11-14,12-11 
ISDN, description of 7-6 
leased line 7-3,15-1 
login to host 1-13 
login user 13-1 
office to office 11-1 
routing over Frame Relay 1-14 
routing over ISDN 1-15 
routing over leased lines 1-14 
routing over switched 56K 1-14 
shared devices 1-14 
switched 56K 7-5 
to the Internet 1-13 
console, setting a port 6-12 
continuous dial out connections 9-3 
controlling access 10-1 
conventions xxxi 
creating a filter 10-4 
CSU/DSU 

switched 56K 17-1 
using 7-9 


D 

Data Link Channel Identifier 7-4 
description of 16-1 
D-channel, definition of 7-6 
debugging network problems 19-3 


decisions, preconfiguration 1-9 
dedicated connections 6-7,6-8, 7-7 
default gateway, setting 4-5 
default login host 8-8 
default routing, setting 4-5 
defining 

dial-in login users 13-9 
dial-in network users 13-10 
dial-in users 11-7,17-7,17-10,18-9 
dial-out locations 11-8,17-8,17-11,18-10 
destination 

IP address, setting 6-9, 7-8,9-5 
netmask, setting 6-9 
device services 

description of 3-10 
netdata 3-12,6-6 
PortMaster 3-11,6-5 
rlogin 3-11,6-5 
Telnet 3-12,6-5 

using 14-4 
device value 6-5 
diagnostic mode 19-10 
dial group 

description of 9-7 
setting 6-8,7-10,9-7 
dial on-demand routing 9-3 
dial script 9-11 
dialback 

login user 8-10 

network users, configuring 8-7 
users 8-2 

dialer window 9-13 
dial-in 

and out operation 3-13,3-14,6-7 
connections 1-13 
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description of 3-13 
port configuration 14-7 
dial-out 

connection types 9-3 
description of 3-14 
dial-out parameters 

destination IP address 9-5 
dial group 9-7 
enabling routing 9-5 
filters 9-7 

high water mark 9-9 
idle timeout 9-7 
IPX network number 9-5 
maximum ports 9-8 
maximum transmission unit 9-6 
netmask 9-5 
network protocol 9-4 
TCP header compression 9-6 
direct data link login applications 3-9 
direct host connections 6-12 
disabling a port 19-4 
DISCONNECTING status 3-6 
displaying extended information 6-11,7-7 

DLCI 7-4,16-1 
learning 7-11 
list, setting 7-11 
DNS, setting 4-6 
DSR value 6-19 
DTR Idle 6-18 

transitions 6-19 

dynamically setting the IP address 4-7 

E 

enabling 


IP traffic 5-4 

outbound traffic 6-17,7-9 
routing 9-5 

escaping PPP characters 6-10 
ESTABLISHED status 3-6 
establishing a log in session 3-7 
Ethernet 

802.2 5-5 
802.2JI 5-5 

802.3 5-5 

hardware connections 5-1 
II 5-5 

parameter descriptions 5-2 
Ethernet parameters 

broadcast address 5-4 
enabling IP traffic 5-4 
IP address 5-3 
IPX 5-4 

IPX frame type 5-5 
IPX network number 5-5 
NetBIOS 5-6 
netmask 5-4 
routing 5-3 

example applications, all products 1-11 
extended information 6-11,7-7 
external clock 

leased line 15-5 

F 

Filter Table, description of 10-3 
filters 

access 10-19 
adding 5-3 
adding rules 10-5 
allow auth queries 10-17 
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allowing RIP packets 10-17 

asynchronous port 6-10 

attaching 10-3 

creating 10-4 

description of 10-1 

DNS outside local subnet 10-16 

examples 10-14 


protocol setting 9-4 
routing 1-14 
subinterface 16-10 
FTP packet filtering 10-12 


firewall 10-18 

global parameters 

FTP packets 10-12 

default gateway 4-5 

hardwired port 10-15 

default routing 4-5 

input and output 9-7 

example of 4-4 

internet 10-15 

function 4-3 

Internet Service Provider 12-10 

gateway 4-8 

IP rules 10-5 

Host Table 4-7 

IPX rules 10-11 

IP address assignment 4-7 

logging results 10-19 

metric 4-9 

permit and deny 10-14 

name service 4-6 

rules 10-3 

Netmask Table 4-9 

SAP rules 10-12 

password 4-5 

setting input and output 6-10, 7-10,8-7 

route destination 4-8 

simple 10-14 

setting 4-4 

synchronous port 7-10 

SNMP monitoring 4-7 

TCP and UDP port services 10-8 

static routes 4-8 

TCP protocol options 10-7 

system logging 4-6 

tracing packets 19-8 

system name 4-4 

UDP options 10-8 

Telnet 4-6 

FireWall IRX router, description of 1-3 

ticks 4-9 

FLASH RAM recovery 19-12 
flow control 

H 

hardware 6-18 

hanging up a line 6-18 

software 6-18 

hardware flow control 6-14,6-11 

Frame Relay 

hardwired connections 3-16 

connections 16-3 

limitations of 3-17 

description of 16-3 

high water mark 

parameters 7-11 

description of 9-8 
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setting 9-9 

high-speed dedicated connections 7-1 
host connections, direct 6-12 

host device 6-5 
access 6-1 
configuration 3-10 
connections 14-1 

host name 

default 6-4 
prompt 6-4 
specifying 6-4 

Host Table 

configuring 4-7 

HOSTNAME status 3-6 

how to contact Livingston xxxii 

examples 2-2 
notation 2-2 
reserved addresses 2-4 
routing 2-8 
subnet masks 2-6 
subnetting 2-6 

Internet connections 1-13 

IP 

enabling traffic 5-4 
filter rules 10-5 
protocol 2-1 

IP address 

assignment 4-7 

setting 5-3,8-5,11-4,13-4,14-5,15-4, 
16-6,17-4,18-7 

IPCP configuration options 19-7 

I 

IDLE status 3-6 
idle time 

setting 6-12,9-7 

ifconfig 

command 19-2 
flags 19-2 

in.pmd daemon 14-1 

INITIALIZING status 3-6 
integrated NT1 7-6 
interface, definition of 3-4 
internet (IP) addressing 2-1 
class A 2-2 
class B 2-3 
class C 2-3 
class D 2-4 
class E 2-4 
conventions 2-5 

IPX 

addressing conventions 2-5 
encapsulation 5-5 
filter rules 10-11 
frame type 5-5 
protocol 2-1 

IPX network number, setting 5-5,6-9,7-9,8-5, 
9-5 

IRX routers, description of 1-3 

ISDN 

authentication 18-1 

B-channel 7-6 

connection 18-1 

connections 7-6,17-1 

D-channel 7-6 

on-demand connections 11-14,12-11 
routing 1-15 

SPID18-5 

switch type 18-1 
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troubleshooting 18-15 
V.25bis dialing 17-5 
with BRI ports 18-1 
ISP 

connection to 12-1 
how to configure 13-1 

K 

keepalives 7-11 

L 

LCP 

configuration options 19-6 
packet formats 19-6 
lease line 

routing 1-14 
leased line 

connection 15-1 
connections, description of 7-3 
CSU/DSU 15-1 
PPP 15-1 
LEDs 

ISDN 18-16 
line hangup 6-18 
line speed, description of 16-2 
listen 5-3 
LMI7-5 

configuration 16-9 
description of 16-3 
setting 7-11 
load-balancing 9-8 
configuring 9-8 

Local Management Interface 7-5 

local management interface, description of 16-3 


location name 9-2 
location parameters 

destination IP address 9-5 
dial group 9-7 
enabling routing 9-5 
filters 9-7 

high water mark 9-9 
idle timeout 9-7 
IPX network number 9-5 
location name 9-2 
maximum ports 9-8 
maximum transmission unit 9-6 
netmask 9-5 
network protocol 9-4 
TCP header compression 9-6 
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description of 9-1 
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lo gging into a host 3-7 
login host 
default 8-8 
prompt 8-8 
setting 8-8 
specified 8-8 
specifying 6-4 
login message, setting 6-11 
login prompt, setting 6-11 
login security 6-11 
login service 

description of 3-8 
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PortMaster 3-8,6-3 
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rlogin 3-8,6-3 
setting 6-3,8-9 
Telnet 6-3 
Telnet login 3-8 
using 14-4 
login users 6-1,8-2 
configuring 8-7 
connection 13-1 
dialback 8-10 

M 

manual dial out connections 9-3 
maximum dial-out ports, setting 9 8 
maximum transmission unit (MTU) 
setting 6-8,8-6,9-6 
metric parameter 4-9 
metric, setting 4-9 
modem 

adding 6-16 
attaching 6-14 
cable pinout 6-13 
configuring 6-13 
configuring for login 13-8 
control 6-17,7-9 
control signals 6-14 
output signals 6-13 
parameters 

configuring 6-16 
port speed 6-17 
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table 6-16 
modem pool 9-7 
setting 6-8,7-11 

MP 9-9 


MTU, setting 6-8 
multi-line load-balancing 9-8 
configuration example 11-13 

Multilink PPP 9-9 

N 

name service, setting 4-6 
negotiated addresses 8-5 
negotiating IP addresses 6-9,7-8 
NetBIOS, setting 5-6 
netdata 

device service 3-12, 6-6 
login service 3-8,6-4 

netmask 

description of 2-6 

setting 5-4,7-9,8-5,9-5 
Netmask Table 2-7 

assigned pools 4-10 
configuring 4-9 
network 

addressing 2-1 

booting 19-12 

connectivity, example of 1-1 
device configuration 3-10,14-2 
dial in 6-7,7-7 
dial out 6-7,7-8 
dial-in & out 6-7,7-8 
hardwired 6-7,6-8,7-7 
problems 19-1 
problems, debugging 19-3 
protocol values 19-5 
protocol, setting 9-4 
two way 6-7 
type parameter 7-7 
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user, configuring 8-4 
user, description of 8-2 
new user 8-4 
NIS, setting 4-6 
normal users 8-2 
NO-SERVICE status 3-6 
NT1 integrated 7-6 
null-modem cable 6-13 

o 

office router 

description of 1-4 
hardware description 1-7 
office-to-office connections 11-1 
on-demand 

connections 11-1 
dial out connections 9-3 
routing 9-3 

operation of PortMaster 3-2 
outbound authentication 
PAP 9-12 
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PAP 
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packet formats 19-7 
parity, setting 6-17 
PASSWORD status 3-6 
passwords 

recovering 19-11 
setting 4-5 
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physical circuit, description of 16-1 
ping command 19-1 

PMconsole, description of 1-4 
port 

definition of 3-4 
description of 1-4 
IP address, setting 7-8 
security, setting 6-12 
speed 

description of 16-2 
setting 6-17, 7-9 
sychronizing 6-17 
synchronous ports 16-3 
status 3-6 
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host device 6-5 
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booting 3-2 
configuration of 4-2 
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operation of 3-2 
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async map 6-10 

encapsulation, description of 3-13 
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setting 4-8 
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management of 3-5 
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PortMaster 1-7 
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device services 3-12 
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